Why organisations should wise up to the DDoS extortion trend
Article by NCC Group director of technical security consulting for Asia Pacific Tim Dillon.
In case 2020 hasn’t thrown enough at us already, with COVID-19 and the seven-fold rise in the number of ransomware attacks, distributed denial of service (DDoS) extortion attacks are also trending upwards.
We were first alerted to this trend earlier this year when DDoS campaigns targeting the Australian financial sector made the news. Since then, reports by Radware, Kaspersky and Cloudflare have all brought attention to the increase in DDoS attacks. The most recent were the DDoS attacks targeting the New Zealand Stock Exchange (NZX) in August.
Many of these recent DDoS attacks are related to extortion attempts. After an initial attack, targeted organisations receive extortion notes demanding payment to the criminal group in order to cease further attacks. The payment is requested to be made to hard-to-trace cryptocurrency accounts.
NCC Group’s Cyber Incident Response Team (CIRT) responded to clients targeted by extortion-based DDoS attacks, noting that extortion messages continue to claim to be from notorious threat actors, like Lazarus Group, in an attempt to further intimidate victims into paying.
While the actors are not considered to be these more sophisticated groups, targeted organisations should not be complacent. DDoS attacks will likely still have the intended impact. The advice remains not to pay any ransom demanded, nor even to deny the request.
While it is essential to have a DDoS mitigation solution in place, it’s also important to test that it works as expected. Real-world DDoS simulation tests performed by NCC Group found:
- 64% of DDoS tests highlighted defence failures despite the mitigation service being operational. In 21% of those tests, related infrastructure and services were also impacted as a result.
- 89% of failed DDoS simulation exercises showed ineffective mitigation solutions were to blame. In many cases, customers were unaware of exactly what level of protection their mitigation SLAs provided.
- 72% of failed DDoS tests showed that the mitigation solutions could not protect against Layer 7 HTTP(S) floods.
Some industries are known to be more vulnerable to DDoS attacks, like finance and banking; however, a general increase in online traffic in 2020 means that many more businesses are now susceptible to attack. It’s a good time for organisations to check their defences or seek advice about their DDoS risk profile.
NCC Group is one of two organisations in the world authorised as an AWS DDoS Test Partner. It is authorised to conduct DDoS simulation tests on behalf of AWS customers without prior approval.