The latest attacks bank on the reputations of two prominent APT groups to make the threats more credible.
August 19, 2020
In the continuing evolution of cyberthreats, a new wave of attacks on businesses is combining distributed denial-of-service (DDoS) attacks and extortion. According to researchers at Akamai, the latest attacks attempt to leverage the reputations of two famous advanced persistent threat (APT) groups -- Fancy Bear and Armada Collective -- to encourage victims to pay rather than risk real DDoS attacks.
In a post about the new campaign, Akamai researchers Steve Ragan and Larry Cashdollar describe email messages sent to victims, some of which said that any attempt to publicize the threat or contact authorities will be met with "permanent" DDoS attacks.
The attack claiming to be from Armada Collective begins with a demand for five Bitcoins ($60,600), with an increase to 10 Bitcoins ($120,120) if the deadline is missed and then five Bitcoins added each day until the extortion is paid. The group using the Fancy Bear name demands 20 Bitcoins ($240,240) to begin, increasing to 30 Bitcoins for a missed deadline and 10 Bitcoins each day that follows.
In an interview with Dark Reading, Ragan says attackers threaten an attack of up to 2 Tbps against the victim; in at least one case they have launched a 50 Gbps attack to demonstrate their capability. According to the researchers, the demonstration attack was a UDP-based, ARMS protocol reflection attack using an unknown number of reflectors.
The researchers advise organizations receiving a threatening message not to pay and instead immediately talk to their upstream ISP and DDoS mitigation provider. "These are defendable attacks," says Ragan, especially if providers know to look for the initial flood of UDP packets.