New Campaign Combines Extortion, DDoS

Latest attacks bank on the reputation of two prominent APT groups to increase the threat credibility.

Dark Reading logo in a gray background | Dark Reading

In the continuing evolution of cyberthreats, a new wave of attacks on businesses is combining distributed denial-of-service (DDoS) attacks and extortion. According to researchers at Akamai, the latest attacks attempt to leverage the reputations of two famous advanced persistent threat (APT) groups -- Fancy Bear and Armada Collective -- to encourage victims to pay rather than risk real DDoS attacks.

In a post about the new campaign, Akamai researchers Steve Ragan and Larry Cashdollar describe email messages sent to victims, some of which said that any attempt to publicize the threat or contact authorities will be met with "permanent" DDoS attacks.

The attack claiming to be from Armada Collective begins with a demand for five Bitcoins ($60,600), with an increase to 10 Bitcoins ($120,120) if the deadline is missed and then five Bitcoins added each day until the extortion is paid. The group using Fancy Bear demands 20 Bitcoins ($240,240) to begin, increasing to 30 Bitcoins for a missed deadline and 10 Bitcoins each day that follows.

In an interview with Dark Reading, Ragan says attackers threaten an attack of up to 2 Tbps against the victim; in at least one case they have launched a 50 Gbps attack to demonstrate their capability. According to the researchers, the demonstration attack was a UDP-based, ARMS protocol reflection attack using an unknown number of reflectors.

The researchers advise organizations receiving a threatening message not to pay and instead immediately talk to their upstream ISP and DDoS mitigation provider. "These are defendable attacks," says Ragan, especially if providers know to look for the initial flood of UDP packets.

Read more here.

 

About the Author

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights