How to Defend Your Business against a Ransom Driven DDOS Attack

Responding to the surge in DDoS ransom campaigns

By Stephanie Weagle, Vice President, Corero Network Security

Since the inception of the internet, hackers have used DDoS attacks as a vehicle to sabotage and retaliate. Today, we see a widening array of DDoS targets and tactics as access to an increased number of DDoS-for-hire tools and services significantly lower the barrier to entry for anyone looking to cause chaos, benefit from extortion campaigns, gain notoriety or infiltrate networks.

Anyone can access the depths of the dark web to launch a crippling attack for a nominal price; DDoS-for-hire botnets offer a subscription-based model enabling the launch of DDoS attacks at the size, scale or duration required to take a service offline and test existing security defenses. The anonymity of these services, ease of access and bargain basement prices make it easy for anyone to launch an attack against unsuspecting victims.

Ransom driven DDoS attacks (RDoS) – a tactic when attackers threaten DDoS attacks unless paid in cryptocurrency, have been a hacker’s extortion tool of choice for several years, and the activity appears to come in waves. In recent months RDoS appears to have hit another peak in popularity targeting organizations across the globe with threats.

September 30 was a key date for RDoS targets– pay up or prepare for a DDoS attack. This more recent campaign was driven by well-known hacker group Phantom Squad, and it spanned across industries—from banking and financial institutions to hosting providers, online gaming services and software as a service (SaaS) organizations.

Unfortunately, when even one victim chooses to engage with attackers by paying a ransom, we begin to see an onslaught of these types of attacks. RDoS attacks have grown in frequency as cybercriminals are constantly on the lookout for more efficient methods to attack systems and obtain profits. When faced with the costs of their business going offline if a successful DDoS attack is launched against them, some organizations believe that paying a ransom demand represents a worthwhile investment.

This approach offers no guarantee that an attack will not be launched, in fact, it could result in just the opposite. It is important to highlight the danger these attacks pose to businesses and learn how to build a successful defense against them.

DDoS – A Threat to Availability and Security

Today’s DDoS attacks are almost unrecognizable from the early days of attacks when most were simple, volumetric attacks intended to cause disruptions to online services, maybe even publicly humiliate an organization. Today, the attack techniques are becoming ever-more complex and the frequency of attacks is growing exponentially. The combination of the size, frequency, and duration of modern attacks represent a serious security and availability challenge for any online organization. Minutes or even tens of minutes of downtime or latency significantly impacts the delivery of essential services. As the DDoS attack landscape evolves toward more sophisticated attack techniques, the objective is no longer focused solely on disruption.

The goal is not only to cripple a website, but rather to distract IT security staff with a low-bandwidth, sub-saturating DDoS attack. Such attacks typically are short duration (under 5 minutes) and volume, which means that they can easily slip under the radar without being detected or mitigated by some DDoS protection systems. These attacks are increasingly used as a smokescreen to camouflage other cyberattacks, including data breached and data exfiltration. The disruption caused by the DDoS attack can expose weaknesses in organizations’ cyber defenses or overwhelm other security tools, like firewalls or IPS/IDS, opening the door for cybercriminals to plant malware or steal sensitive information.

Proactive Protection in the Face of DDoS Attacks

Distinguish DDoS attack activity – Have a clear understanding of your network traffic patterns. Short duration, low volume attacks can be used as ‘stress tests’ profiling for security vulnerabilities within your edge security perimeter. Visibility into DDoS activity on your network is step one in defining your DDoS resiliency plan.

Document your DDoS defense plan – Proactive planning requires both technical and operational considerations. A comprehensive plan also includes a communication strategy that spans across all facets of the business, to ensure that key stakeholders are notified and consulted accordingly.

Time-to-mitigation is a critical consideration – When faced with an attack, the ransom is driven or otherwise, time-to-mitigation is critical. Minutes, tens of minutes or even seconds count. Downtime, outages, latency and security implications become increasingly damaging when mitigation techniques are not instantly engaged.

Organizations, regardless of industry, need to be proactive in their DDoS defense strategies. Paying out a ransom to stop an attack is not a scenario that any organization should have to deal with. As DDoS attacks continue to become more complex, more frequent and more adaptive in nature, traditional IT security infrastructure doesn’t stand a chance when it comes to proper protection for your business. Organizations must begin to look at DDoS as a threat vector that requires a dedicated detection and mitigation solution as part of an overall layered security strategy. Proper DDoS mitigation combines real-time, automatic detection and mitigation, deployed at the internet edge to defeat the growing threat of DDoS before it can impact the targeted environment.

About the Author
Stephanie Weagle brings more than 12 years of experience to Corero Network Security. As Vice President for the Corero DDoS protection solutions, Stephanie strives to accelerate market penetration of the award-winning Corero real-time DDoS mitigation product portfolio. Stephanie has been instrumental in establishing Corero as a category creator for automatic, scalable DDoS protection that is architected to meet the needs of any Internet-dependent organization, including, hosting and service providers, global carriers, and digital enterprises.
Stephanie can be reached online at [email protected] and at our company website https://www.corero.com/.