The group calling themselves “DDoS for Bitcoin” (DD4BC) continues to extort money from a host of companies located all over the globe, and today very few organizations are able to adequately protect themselves from DD4BC’s tactics. The group’s extortion campaigns have been increasing recently which include a preemptive email notifying an organization of a pending DDoS attack, and asking for a ransom to be paid in Bitcoins to avoid such an event. Organizations report that group is not asking for millions of dollars in ransom, instead the attackers generally ask for between 25 and 50 Bitcoins if the victim pays within 24 hours. At today’s rate of exchange, 40 Bitcoins equals about $10,000, and rumor has it that companies have been paying to be reprieved of such an event. Here is a copy of one of DD4BC’s email campaigns.
Source - Akamai
It never ceases to amaze how much ingenuity cybercriminals have, inventing new ways of capitalizing on the vulnerability of the very thing they use to launch their attacks – the Internet. Although these types of DDoS extortion campaigns are nothing new, a new class of attacker is beginning to emerge. As a matter of fact these types of campaigns were somewhat common in the past, but targeted much larger organizations instead. This time around even Small Medium Enterprises (SMEs) are at risk of finding themselves within the crosshairs of these attackers.
There is a very high probably that other extortion rackets will copy DD4BC business’ model for a host of reasons. Motivations for DDoS attacks are very broad and include notoriety, extortion (of course), competitive advantage, revenge, hacktivism, and even cyberwar. These attacks have been launched by cybercriminals and nation states for years. The tools are easy to obtain, the DDoS attack spectrum is growing rapidly with new method discovered nearly monthly, botnet for hire services are on the rise, civil penalties for attackers are nearly non-existent, and at the end of the day – these attacks can end up being quite profitable.
Extortion groups like DD4BC are nearly operating like the old-school protection rackets that existed in nearly every major city years ago - and likely still exist in some neighborhoods today. When a small business paid for protection from racketeers, it insured that the small business would be protected from the racketeers themselves. The racketeers called it insurance or protection services and it was extremely profitable.
But this is where DD4BC is different. Paying the racketeers for protection also insured that if any other criminal in the area committed a crime against a protected business, the racketeers would work to solve that problem as well. Meaning, anyone that committed a crime against a protected business would likely end up in a shallow grave on the outskirts of town, or found wearing concrete swim fins in the bottom of the river. Territories were divided and turfs were protected. But in the case with DD4BC they are not offering that type of a protection service. They are nothing more than extortionists.
Given the instability in our worldwide financial markets, our global financial systems, massive immigrations beginning around the world, and climate change taking place before our eyes, these social pressures only increase the likelihood of copycat attackers. With an increase in radically-based religious wars spreading around the world, soaring rates of diseases like cancer and diabetes, viruses like Ebola rising once again out of check, and our global reliance on the Internet – the environment could not be more advantageous for the DDoS for profit marketspace, and many analyst and subject matter experts believe this is only the beginning.
So where does this leave the SME?
Today the industry recommends the usage of what is known as the hybrid approach to solving the DDoS dilemma. In this approach, organizations deploy on-premise DDoS defense technology to defeat the run-of-the-mill attacks, while subscribing to a cloud-based anti-DDoS provider to reduce the effects of super-saturation, pipe-filling attacks. However countless SME’s are at an impasse.
In many cases SMEs cannot justify the cost of on-premises DDoS defenses, and often cloud based anti-DDoS services exceed the SME’s cost/benefit model as well. Often cloud-based anti-DDoS services can be more costly then the revenue generated by the SME in the first place. In addition, many SME’s have relatively small Internet pipes – most often in the 50Mbps-to-1Gbps range and with today’s big bandwidth attacks, many of the SME’s pipes could be filled in an instant.
A Global Call to Action!
SMEs all over the globe are beginning to recognize that they cannot afford to defend themselves in an “EVERY MAN FOR HIMSELF” scenario. In this case there are no economies of scale that can help level the playing field to enable affordable protection. When SMEs inquire about protection from their service provider (the organization where they buy bandwidth from in the first place) a huge number of service providers have nothing more to offer than black holes and null routes; which everyone knows does nothing more than perfect a DDoS attack. The only way SMEs can begin to defend themselves today is to join forces and petition their service providers to begin to offer affordable DDoS protection. Small to Medium Enterprises - It’s time to stand-up and let your voices be heard!