A New Trend: Cybercriminals Combine Ransomware and DDoS Attacks for Extortion

According to The Daily Swig, in the past year, several cybersecurity vendors have observed an increase in ransom-related Distributed Denial of Service (DDoS) attacks. Also known as R-DDoS, such attacks are pure, unadulterated extortion. These attacks put their victims in a painful place: on top of suffering downtime and service disruptions (or the imminent threat of them), there is the potential financial cost of paying the ransom. Even if an organization is resolute in its determination not to yield to the extortionists, dealing with the threat consumes valuable time and human resources. Reportedly, criminals sometimes threaten to inflict further pain with DDoS after having initially launched a ransomware encryption attack. Ransomware alone is dangerous enough, but when it is combined with a DDoS attack, the result is even more frustrating, damaging, and costly.

Targeting backend infrastructure may cause prolonged outages

Alluding to the August 2020 R-DDoS attacks on the New Zealand Stock Exchange, Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows, reportedly said: “Whereas most DDoS extortionists often target their victims’ public websites, this activity saw the repeated targeting of backend infrastructure, API endpoints, DNS servers, and even the NZX internet service providers. This shift towards backend systems may explain the prolonged outages associated with these attacks.”

The Daily Swig article notes that attackers are using a variety of vectors, ranging from common network protocols like ARMS (Apple Remote Management Services), WS-DD (Web Services Dynamic Discovery), and CoAP (Constrained Application Protocol) to amplification vectors such as DNS response, SSDP, NTP, or Memcache. The trend has been “shorter attack duration but greater packet-per-second attack volume,” according to Alan Calder, founder and executive chairman of IT Governance, a cyber risk and privacy management firm. Often, threat actors launch multi-vector attacks that rapidly and automatically switch between vectors, making them harder to detect and mitigate. Since security analysts cannot manually detect these attacks and react quickly enough to eliminate downtime, automated, real-time DDoS mitigation is essential to defend successfully against multi-vector DDoS attacks.
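As an added example (not code from the article or from Corero), the following Python sketch shows one way a defender can surface the multi-vector pattern described above: it aggregates packets per second by reflection source port over one-second windows and counts how often the dominant vector changes from one window to the next. The port-to-vector mapping, the flow-record layout, the threshold, and the sample flows are all assumptions constructed for the example.

```python
from collections import defaultdict

# Assumed UDP source ports of the reflection/amplification vectors named in
# the article; reflected traffic arrives with these as its source port.
AMPLIFICATION_PORTS = {
    53: "DNS", 123: "NTP", 1900: "SSDP", 11211: "Memcache",
    3283: "ARMS", 3702: "WS-DD", 5683: "CoAP",
}

# Constructed sample flow records: (timestamp_seconds, udp_src_port, packets).
# Three one-second windows in which the attacker rotates DNS -> NTP -> Memcache.
SAMPLE_FLOWS = [
    (0.1, 53, 40_000), (0.5, 53, 45_000), (0.9, 443, 300),
    (1.2, 123, 60_000), (1.6, 123, 55_000), (1.8, 53, 500),
    (2.1, 11211, 90_000), (2.7, 11211, 85_000), (2.9, 80, 200),
]


def pps_by_vector(flows, window_s=1.0):
    """Aggregate packets per amplification vector per time window.
    Returns {window_index: {vector_name: packets_per_second}}."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, src_port, packets in flows:
        vector = AMPLIFICATION_PORTS.get(src_port)
        if vector is None:
            continue  # not a known reflection source port; ignore here
        buckets[int(ts // window_s)][vector] += packets
    return {w: {v: p / window_s for v, p in vecs.items()}
            for w, vecs in buckets.items()}


def detect_multi_vector(flows, window_s=1.0, pps_threshold=20_000):
    """Return (alerts, switches).
    alerts:   [(window, vector, pps)] for every vector above the pps threshold
    switches: number of window-to-window changes of the dominant vector, which
              is the 'rapidly switching' behaviour the article describes."""
    per_window = pps_by_vector(flows, window_s)
    alerts, dominant = [], []
    for w in sorted(per_window):
        vecs = per_window[w]
        for vector, pps in vecs.items():
            if pps >= pps_threshold:
                alerts.append((w, vector, pps))
        dominant.append(max(vecs, key=vecs.get))
    switches = sum(1 for a, b in zip(dominant, dominant[1:]) if a != b)
    return alerts, switches
```

In a real deployment the flow records would come from NetFlow/sFlow or packet-capture telemetry, and the threshold would be tuned to the link's normal baseline.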

What to do if you experience an R-DDoS attack

Like the FBI and other government enforcement agencies, we at Corero always recommend not paying a ransom, as that only encourages further criminal behavior and prompts attackers to target other organizations in the expectation of collecting more ransom fees. However, we realize that many organizations may feel they have no choice if they are already under attack and do not have automatic, real-time DDoS protection in place, since getting services back online as soon as possible is often critical. If you are under DDoS attack, contact Corero to see how we can help.

To learn more about how to effectively defend against a ransom DDoS, and the legal parameters on stopping these attacks, download Corero’s white paper, “Surviving Ransom Driven DDoS Extortion Campaigns.”