By Bev Robb, IT consultant
With everything that has been occurring upon the treacherous terrain of the cyberthreat landscape this year – we have not arrived at the point of a digital Pearl Harbor yet.
TechTarget defines cyberextortion as “a crime involving an attack or threat of attack against an enterprise, coupled with a demand for money to avert or stop the attack.”
Though cyberextortion can arrive in various forms – a cybercriminal’s end goal is to make a huge profit, using whatever means is necessary to bully businesses into complying with their extortion demands:
For a hacker, extortion is an easy way to monetize stolen information and provides the shortest path from cybercrime to cash. Moreover, cybercriminals don’t actually have to perpetrate an attack for it to pay off, they can simply capitalize on threatening to attack.
The year of extortion
Early last summer, Brian Krebs dubbed 2014 as the year that extortion went mainstream. Krebs stated at his blog that at least four businesses reported receiving “Notice of Extortion” letters in the U.S. mail. The content of the snail-mail letter included the recipient’s business name and assured the business owner that their business was merely targeted via a random selection process, and through no fault of their own. The extortionists claimed the ransom should be considered as a “one-time monetary tribute,” and provided a firm deadline for payment (in bitcoin). If the business owner was non-compliant in anteing up the extortionist’s bitcoin demand – the repercussions for business reputation could be dire.
Non-compliance consequences included:
- Negative online reviews
- Better Business Bureau complaints
- Harassing telephone calls
- Fraudulent delivery orders
- Telephone Denial-of-Service
- Bomb threats
- Mercury contamination
If this list is not evil enough – these thugs could also arrange anonymous reports of: health code and OSHA violations; criminal tax evasion; money laundering, illegal drug sales, *** grow operations, methamphetamine production; and *** training activity. What would be ticking in your mind if you received an extortion letter like this? Would you go to the authorities, or would you pay?
Cyberextortion ups the ante
Last week tech news exploded over a scary DDoS (distributed denial of service) cyberextortion group that was quite different from prior extortion gangs – According to a recent Akamai Security Bulletin, This menacing threat actor had attacked 141 of its customers since April 2015. Aside from demanding ransom payment of up to 100 bitcoins ($23,000 USD), these rascals threatened to target brand reputation through social media channels if their demands were not met. Though the latest attacks are focused primarily on the financial service industry – it won’t be long before they develop new strategies to target the enterprise.
The DDoS gang currently contacts targeted businesses via email, with severe threats of DDoS attacks against company websites if the owner is noncompliant with their extortion requests.
Modified email templates are sent to each targeted business, and the type of DDoS attack they will suffer is determined upon the organization’s level of DDoS security. The attackers state that a service such as Cloudflare will not be able to mitigate this type of attack because the attack group has the capability of UDP (user datagram protocol) flood power ranging from 400-500 Gbps. Though Akamai could only see 56 Gbps generated solely by UDP flood in the group’s first campaign, they considered this flood fairly large. Akamai advises organizations to take the cyberthreats seriously:
“This modus operandi is similar to an express kidnapping, where criminals demand a small ransom that victims or companies can pay easily.”
The Maritime Executive recently stated that there is a new generation of cyber risk that is more complex, with future threats coming from intellectual property theft, cyber extortion, and business interruption:
“The threats are moving beyond the established ones involving data breaches, privacy issues and reputational damage and moving to operational damage, business interruption and even potentially catastrophic losses.”
In June 2015, the DDoS cybergang attempted to extort the Bitalo Bitcoin exchange for 1 Bitcoin. The exchange refused to comply with their demands and instead, created a bounty for their heads, that has grown to more than $25,000 dollars as a reward for information regarding the identities of those behind the elusive cybergang.
Though the group is incognito for the moment – you never know when somebody, somewhere will crack their identity. Let’s hope that it is sooner than later.
To protect your organization from cyberextortionist groups that mitigate DDoS attacks, Akamai recommends the following defense measures:
- Deploy anomaly-and signature-based DDoS detection methods to identify attacks before a website becomes unavailable to users.
- Distribute resources to increase resiliency and avoid single points of failure due to an attack.
- Implement application layer DDoS mitigation appliances on the network in strategic locations to reduce the threat for critical application servers.
What strategies have you put in place to protect your network from this type of attack?
This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.
From October 20-22, Dell is bringing together technology and business professionals who are crafting a vision for the future of their enterprise. Register now for Dell World 2015 in Austin, Texas.