Enterprises in Canada and the U.S. are increasingly being targeted by new distributed denial of service attacks from a Bitcoin extortionist group dubbed DD4BC, according to a new report from Akamai Technologies.
“The latest attacks – focused primarily on the financial service industry – involved new strategies and tactics intended to harass, extort and ultimately embarrass the victim publically,” Stuart Scholly, the content delivery provider’s senior vice-president and general manager of its security division, said in a statement.
No victim organizations were named.
Some attacks have been measured at up to 50 Gigabits per second. Typically the group uses use of multi-vector DDoS attack campaigns, revisiting former targets and also incorporating Layer 7 DDoS in multi-vector attacks, specifically concentrating on the WordPress pingback vulnerability, the report says. This vulnerability is exploited to repeatedly send reflected GET requests to the target to overload the website. Akamai said its researchers have seen this attack method incorporated into DDoS booter suite frameworks.
Akamai has been tracking the group since some customers were targeted 12 months ago. Since April it identified 114 DD4BC attacks alone, including more aggressive measures that target brand reputation through social media.
The attacks initially started against organizations in North America and Asia, then shifted to Europe before focussing on companies in Korea, China, Australia, and New Zealand for a period.
But more recently the past year the group expanded its extortion and DDoS campaigns to target a wider array of business sectors – including financial services, media and entertainment, online gaming and retailers, the report says. An attack start with an e-mail to a target that a low-level DDoS attack will be launched against the organization’s website. After that attack there is demand to pay Bitcoin within 24 hours to protect the company from a larger DDoS attack that would make its website inaccessible.
A typical recent email has the cheek to introduce the group to the victim by including a link to an April post by Akamai describing DD4BC
Akamai has seen initial demand requests averaging 10-20 bitcoin (the exchange rate is about US$230 per bitcoin), although it has been as much as 100 bitcoins.
To protect enterprises Akamai recommends CISOs deploy anomaly- and signature-based DDoS detection methods to identify attacks before a website becomes unavailable to users, distribute resources to increase resiliency and avoid single points of failure due to an attack and to implement Layer 7 DDoS mitigation appliances on the network in strategic locations to reduce the threat for critical application servers.
Bad news for CISOs: Akamai believes copycats will adopt DD4BC’s strategies.