
Why organisations should wise up to the DDoS extortion trend

26 Oct 2020

Article by NCC Group director of technical security consulting for Asia Pacific Tim Dillon.

In case 2020 hasn’t thrown enough at us already, with COVID-19 and the seven-fold rise in the number of ransomware attacks, distributed denial of service (DDoS) extortion attacks are also trending upwards.  

We were first alerted to this trend earlier this year, when DDoS campaigns targeting the Australian financial sector made the news. Since then, reports by Radware, Kaspersky and Cloudflare have all drawn attention to the increase in DDoS attacks. The most recent were the DDoS attacks targeting the New Zealand Stock Exchange (NZX) in August.

Many of these recent DDoS attacks are related to extortion attempts. After an initial demonstration attack, the targeted organisation receives an extortion note demanding payment to the criminal group in exchange for halting further attacks. Payment is demanded in hard-to-trace cryptocurrency.

NCC Group’s Cyber Incident Response Team (CIRT) has responded to clients targeted by extortion-based DDoS attacks, and notes that the extortion messages continue to claim to come from notorious threat actors such as Lazarus Group, in an attempt to further intimidate victims into paying.

While the actors behind these campaigns are not believed to be those more sophisticated groups, targeted organisations should not be complacent: the DDoS attacks themselves will still have the intended impact. The advice remains not to pay any ransom demanded, and not to reply to the demand at all, even to refuse it.

While it is essential to have a DDoS mitigation solution in place, it’s also important to test that it works as expected. Real-world DDoS simulation tests performed by NCC Group found:

  • 64% of DDoS tests revealed defence failures despite the mitigation service being operational. In 21% of those tests, related infrastructure and services were also impacted as a result.
  • In 89% of failed DDoS simulation exercises, an ineffective mitigation solution was to blame. In many cases, customers were unaware of exactly what level of protection their mitigation SLAs provided.
  • 72% of failed DDoS tests showed that the mitigation solution could not protect against Layer 7 HTTP(S) floods, which are harder to distinguish from legitimate traffic than volumetric attacks because every request is a well-formed HTTP transaction.
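Layer 7 floods defeat volumetric mitigation because, packet for packet, they look like ordinary clients. What a defender (or a simulation test) has to check is whether the mitigation layer reacts to per-client request rate and to the concentration of requests on a single endpoint. The following is an added example written for this article, not code from NCC Group or any mitigation vendor: a small detector that scores each client IP in a web server's access log by its peak request count in a sliding window and by the share of its requests hitting one path. The log format (Combined Log Format), the IP addresses, the thresholds and the sample log lines are all assumptions constructed for the example; the thresholds in particular are illustrative and should be derived from a site's own traffic baseline.

```python
"""Detect Layer 7 (HTTP) flood behaviour in access-log lines.

Added example for illustration, not the article's or NCC Group's code.
Assumptions: logs are in Combined Log Format; thresholds are illustrative.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Combined Log Format, e.g.
#   203.0.113.7 - - [25/Aug/2020:09:00:00 +0000] "GET /search?q=x HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "path": m.group("path"),
            "status": int(m.group("status"))}


def flag_l7_flood(lines, window_seconds=10, rate_threshold=50, concentration=0.9):
    """Return {ip: details} for clients whose peak request count in any
    window of `window_seconds` reaches `rate_threshold` AND whose requests
    concentrate on one path at least `concentration` of the time.

    The second condition is what separates a flood from a busy but
    legitimate client: real browsing spreads across many paths.
    """
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # tolerate malformed lines instead of failing mid-incident
        by_ip[rec["ip"]].append(rec)

    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        times = [r["ts"] for r in recs]
        # Two-pointer sliding window: j only moves forward because times are sorted.
        peak, j = 0, 0
        for i in range(len(times)):
            while j < len(times) and (times[j] - times[i]).total_seconds() <= window_seconds:
                j += 1
            peak = max(peak, j - i)
        top_path, top_n = Counter(r["path"] for r in recs).most_common(1)[0]
        share = top_n / len(recs)
        if peak >= rate_threshold and share >= concentration:
            flagged[ip] = {"peak_in_window": peak, "top_path": top_path,
                           "share": round(share, 2)}
    return flagged


def _fmt(ip, ts, method, path, status):
    return (f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] '
            f'"{method} {path} HTTP/1.1" {status} 512')


def make_sample_log():
    """Constructed sample log (not real traffic): one flooding client hitting
    a search endpoint 120 times in under ten seconds, and one ordinary
    visitor browsing eight distinct pages over a minute."""
    base = datetime(2020, 8, 25, 9, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(120):  # 80 ms apart -> all 120 fall inside a 10 s window
        lines.append(_fmt("203.0.113.7", base + timedelta(milliseconds=80 * i),
                          "GET", "/search?q=x", 200))
    pages = ["/", "/about", "/products", "/products/1", "/cart",
             "/checkout", "/faq", "/contact"]
    for i, path in enumerate(pages):
        lines.append(_fmt("198.51.100.5", base + timedelta(seconds=8 * i),
                          "GET", path, 200))
    lines.append("not a log line")  # exercises the malformed-line path
    return lines


if __name__ == "__main__":
    for ip, info in flag_l7_flood(make_sample_log()).items():
        print(f"possible L7 flood from {ip}: {info}")
```

In a real deployment the same two signals (per-client rate and per-path concentration) are what a WAF or mitigation service should be configured to act on; if a simulation sends traffic of this shape through the mitigation layer and it still reaches the origin unthrottled, that is the failure mode the statistics above describe.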

Some industries are known to be more vulnerable to DDoS attacks, like finance and banking; however, a general increase in online traffic in 2020 means that many more businesses are now susceptible to attack. It’s a good time for organisations to check their defences or seek advice about their DDoS risk-profile.

NCC Group is one of two organisations in the world authorised as an AWS DDoS Test Partner. It is authorised to conduct DDoS simulation tests on behalf of AWS customers without prior approval.
