In recent weeks, the UK retail bank Lloyds was hit with a denial of service attack, which reportedly lasted for two days and attempted to block access to 20 million accounts. The attack was part of a broader DDoS campaign against an unspecified number of UK banks that only affected services at Lloyds, Halifax and Bank of Scotland. Availability of services was affected but no customers suffered any financial loss. As such a high-profile attack with far-reaching potential consequences, it has attracted significant media attention.
Motive Behind DDoS Attacks on UK Banks
It has also now emerged that the attack was launched as part of a DDoS extortion strategy, which involved a hacker demanding around £75,000 ransom from the bank. An anonymous hacker reportedly told Motherboard that they contacted Lloyds on 11 January by email, informing the bank about security vulnerabilities, and demanded that they pay a ‘consultation fee’ in bitcoins to avoid being attacked. This element of the attack highlights important concerns regarding the evolution of ransom-related DDoS attacks and the threat they pose to businesses.
Increase in DDoS Attacks for Ransom
For some time now, attackers have been using DDoS attacks as part of a wider campaign of cyber threats and techniques, and the trend of ransom-related DDoS has been growing. In a 2016 study, we found that 80 percent of European IT security professionals expect their business to be threatened with a DDoS ransom attack during the next 12 months.
DDoS extortion campaigns are a common tool in the cyber-threat arsenal, and one of the easiest ways for an attacker to turn a quick profit. When service availability is threatened, the victim company needs to consider the potential loss in downtime, revenues and brand damage. When faced with these costly implications, you can understand why some organizations choose to pay the ransom in hopes of circumventing the attack. But in most cases, this is futile: the promise of withholding attacks after the payout is empty.
Corero’s research, which polled over 100 security professionals at the Infosecurity Europe conference in London, highlights the growing threat of cyber extortion attempts targeting businesses in the United Kingdom and continental Europe. In May 2016, the City of London Police warned of a new wave of ransom-driven DDoS attacks orchestrated by Lizard Squad, in which UK businesses were told that they would be targeted by a DDoS attack if they refused to pay five bitcoins, equivalent to just over £1,500. Corero’s Security Operations Center also recorded a sharp increase in hackers targeting their customers with such demands at the end of 2015.
Even more concerning was the finding in the study that almost half of these IT security professionals (43%) thought that it was possible that their organization might pay such a ransom demand.
Effective DDoS Defense Methods
The only way for an organization to defend itself against the DDoS threat, whether ransom-related or other, is to have an always-on, automated DDoS mitigation solution that detects and mitigates DDoS attack attempts instantaneously, even the low-threshold, short-duration attacks, and stops them in their tracks. These low-level, sub-saturating DDoS attacks are often used as a precursor to ransom demands, because they are typically not detected by security teams and allow hackers to find pathways and test for vulnerabilities within a network, which can later be exploited through other techniques. For this reason, full visibility across all potential network incursions is an essential part of any defense solution, as is the capability to respond in real time in the event of an attack.