Page 48 - Cyber Defense eMagazine - November 2017
P. 48

HOW TO DEFEND YOUR BUSINESS AGAINST A

               RANSOM DRIVEN DDOS ATTACK



               RESPONDING TO THE SURGE IN DDOS RANSOM CAMPAIGNS


               by Stephanie Weagle, Vice President, Corero Network Security


               Since the inception of the internet, hackers have used DDoS attacks as a vehicle to sabotage
               and  retaliate.  Today,  we  see  a  widening  array  of  DDoS  targets  and  tactics  as  access  to  an
               increased number of DDoS-for-hire tools and services significantly lower the barrier to entry for
               anyone  looking  to  cause  chaos,  benefit  from  extortion  campaigns,  gain  notoriety  or  infiltrate
               networks.

               Anyone can access the depths of the dark web to launch a crippling attack for a nominal price;
               DDoS-for-hire botnets offer a subscription-based model enabling the launch of DDoS attacks at
               the size, scale or duration required to take a service offline and test existing security defenses.
               The anonymity of these services, ease of access and bargain basement prices make it easy for
               anyone to launch an attack against unsuspecting victims.

               Ransom driven DDoS attacks (RDoS) – a tactic when attackers threaten DDoS attacks unless
               paid in cryptocurrency, have been a hacker’s extortion tool of choice for several years, and the
               activity appears to come in waves. In recent months RDoS appears to have hit another peak in
               popularity targeting organizations across the globe with threats.

               September 30 was a key date for RDoS targets– pay up or prepare for a DDoS attack. This
               more recent campaign was driven by well-known hacker group Phantom Squad, and it spanned
               across industries—from banking and financial institutions, to hosting providers, online gaming
               services and software as a service (SaaS) organizations.

               Unfortunately, when even one victim chooses to engage with attackers by paying a ransom, we
               begin to see an onslaught of these types of attacks. RDoS attacks have grown in frequency as
               cyber criminals are constantly on the lookout for more efficient methods to attack systems and
               obtain profits. When faced with the costs of their business going offline if a successful DDoS
               attack  is  launched  against  them,  some  organizations  believe  that  paying  a  ransom  demand
               represents a worthwhile investment.

               This approach offers no guarantee that an attack will not be launched, in fact it could result in
               just the opposite. It is important to highlight the danger these attacks pose to businesses and
               learn how to build a successful defense against them.





                   48    Cyber Defense eMagazine – November 2017 Edition
                         Copyright © 2017, Cyber Defense Magazine,  All rights reserved worldwide.
   43   44   45   46   47   48   49   50   51   52   53