
Global DDoS attacks: What they are, how they work, and how to defend against them

03 Sep 2020

As many organisations around the world are being plagued by distributed denial of service (DDoS) attacks, some security firms and analysts are doing their best to untangle the attack web to find out who is behind the attacks.

In a bulletin that went out overnight from security firm Radware, those behind the attacks appear to be posing as well-known advanced persistent threat (APT) groups such as Fancy Bear, the Armada Collective, and the Lazarus Group. 

This backs up initial research from Akamai, which states that Fancy Bear and the Armada Collective may be behind the campaign. However, it is not clear whether those groups are actually responsible; another threat actor may be imitating well-known groups in order to make its attacks seem more threatening.

The global DDoS campaign is targeting thousands of organisations including internet service providers, finance companies, travel agencies, and companies in ecommerce. 

The attackers target organisations by sending emails that name the specific IP addresses or autonomous system numbers (ASNs) they will hit if the victims do not cooperate.

The attackers then demand a ransom fee of 10 Bitcoin (NZ$16,792); some ransom demands, however, have reached up to 20 Bitcoin (NZ$335,839).

If targeted organisations do not make the payment, attackers threaten to conduct DDoS attacks of up to 2 terabits per second (2Tbps), though most attacks so far have ranged between 50Gbps and 200Gbps. The ransom demand also increases by 10 Bitcoin each time a deadline passes without payment.

Radware says that it has seen evidence that the attackers will follow up on their initial ransom demand. They often cite examples of other attacks so that targets can search for other recent disruptions. The attackers then ask, "You don't want to be like them, do you?"

If targets refuse to pay the ransom demand, the attackers will often launch DDoS attacks using a variety of methods, including UDP and UDP-fragment floods, WS-Discovery amplification, TCP SYN floods, TCP out-of-state floods, and ICMP floods.

Akamai notes that the campaign is similar to one conducted in 2019 by a threat group appearing to imitate the APT Group called Cozy Bear.

Radware states that any organisation that receives a ransom demand should take the matter seriously, as attackers will more than likely follow through with DDoS attacks.

However, organisations should not pay the ransom; the DDoS attacks can be mitigated if the right protection is in place.

“These attacks are not at a level of complexity/amplitude that prevent mitigation if the right protection is in place. Radware has seen faster and better mitigation by leveraging hybrid always-on protection compared to asymmetric routed cloud protections,” the company states.

Akamai also urges targeted firms not to pay the ransom.

“We still believe that the actors conducting these extortion attacks are looking for a quick payout, with as little effort as possible on their part,” Akamai states.

Organisations should ensure they have:

  • Hybrid DDoS protection for on-premises and cloud environments. This protection must be able to defend against high-volume attacks and pipe saturation.
  • Behavioural-based detection. This blocks anomalies and lets genuine traffic through.
  • Real-time signature creation to protect from known and unknown threats, including zero-day attacks.
  • A security emergency response plan. This helps to deal with security incidents.
  • An intelligence feed that details threats. This data can help to protect against active and known attackers.
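The attack vectors listed earlier and the behavioural detection recommended in the list above, as an added example that is not part of the article and is not Radware's or Akamai's code: a small Python detector that sorts constructed flow records into the vector classes the article names (UDP and UDP-fragment floods, WS-Discovery amplification, TCP SYN and out-of-state floods, ICMP floods) and raises an alert when a class's packet rate exceeds a baseline learned from a quiet window. The record fields, the thresholds, the sample addresses and flows, and the simplification that any UDP flow sourced from port 3702 is WS-Discovery amplification are all assumptions.

```python
"""Behavioural DDoS vector detector over flow records (added example; field names,
thresholds and all sample traffic below are constructed, not real captures)."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One aggregated flow record, NetFlow/IPFIX-like (assumed field set)."""
    src_ip: str
    dst_ip: str
    proto: str        # "tcp", "udp" or "icmp"
    src_port: int     # 0 for ICMP
    dst_port: int     # 0 for ICMP
    tcp_flags: str    # cumulative TCP flags seen in the flow, e.g. "S", "SAPF"; "" for non-TCP
    fragmented: bool  # record carried IP fragments
    packets: int


WSD_PORT = 3702  # WS-Discovery listens on UDP/3702; reflected replies come from this port


def classify(flow, syn_keys):
    """Assign a flow to one of the vector classes named in the article.

    syn_keys holds the (src, sport, dst, dport) tuples that carried a SYN in the same
    window; a TCP flow whose tuple never saw a SYN is treated as out-of-state traffic.
    """
    if flow.proto == "icmp":
        return "icmp_flood"
    if flow.proto == "udp":
        if flow.src_port == WSD_PORT:
            return "wsd_amplification"
        return "udp_frag_flood" if flow.fragmented else "udp_flood"
    if flow.proto == "tcp":
        if "S" in flow.tcp_flags and "A" not in flow.tcp_flags:
            return "syn_flood"  # bare SYNs: handshake never completed
        key = (flow.src_ip, flow.src_port, flow.dst_ip, flow.dst_port)
        if key not in syn_keys:
            return "tcp_out_of_state"  # ACK/RST/FIN with no handshake in the window
        return "tcp_established"
    return "other"


def packets_per_class(flows):
    """Sum packets per vector class across one window of flow records."""
    syn_keys = {(f.src_ip, f.src_port, f.dst_ip, f.dst_port)
                for f in flows if f.proto == "tcp" and "S" in f.tcp_flags}
    counts = Counter()
    for f in flows:
        counts[classify(f, syn_keys)] += f.packets
    return counts


def build_baseline(quiet_flows, window_seconds):
    """Learn normal packets-per-second per class from a window known to be quiet."""
    return {cls: pkts / window_seconds for cls, pkts in packets_per_class(quiet_flows).items()}


def detect(flows, baseline, window_seconds, factor=5.0, min_pps=50.0):
    """Behavioural check: alert on any attack class running at `factor` times its
    baseline rate (or above min_pps where the class has no baseline at all)."""
    alerts = []
    for cls, pkts in packets_per_class(flows).items():
        if cls in ("tcp_established", "other"):
            continue  # not a vector class; legitimate sessions are never alerted on
        pps = pkts / window_seconds
        base = baseline.get(cls, 0.0)
        if pps > max(base * factor, min_pps):
            alerts.append({"class": cls, "pps": pps, "baseline_pps": base})
    return sorted(alerts, key=lambda a: -a["pps"])


# --- constructed sample windows, 10 seconds each; victim 198.51.100.5 is a documentation address ---
WINDOW = 10.0
VICTIM = "198.51.100.5"
QUIET = (
    [Flow("203.0.113.10", VICTIM, "tcp", 51000, 443, "SAPF", False, 40)] * 20  # normal HTTPS sessions
    + [Flow("203.0.113.11", VICTIM, "udp", 53, 41000, "", False, 2)] * 5        # DNS replies
    + [Flow("203.0.113.12", VICTIM, "icmp", 0, 0, "", False, 1)] * 2            # a couple of pings
)
ATTACK = list(QUIET)
# WS-Discovery amplification: large replies from UDP/3702 on hosts the victim never queried
ATTACK += [Flow(f"192.0.2.{i % 250 + 1}", VICTIM, "udp", WSD_PORT, 40000 + i, "", False, 30)
           for i in range(400)]
# SYN flood: one bare SYN per flow from many distinct sources
ATTACK += [Flow(f"198.18.{i // 250}.{i % 250 + 1}", VICTIM, "tcp", 1024 + i, 443, "S", False, 1)
           for i in range(1000)]
# TCP out-of-state: ACKs for connections that were never opened
ATTACK += [Flow(f"198.19.0.{i % 250 + 1}", VICTIM, "tcp", 2000 + i, 80, "A", False, 2)
           for i in range(300)]

if __name__ == "__main__":
    baseline = build_baseline(QUIET, WINDOW)
    for alert in detect(ATTACK, baseline, WINDOW):
        print(f"{alert['class']:<20} {alert['pps']:>8.1f} pps (baseline {alert['baseline_pps']:.1f})")
```

The quiet window produces no alerts, while the attack window reports the WS-Discovery reflection, the SYN flood and the out-of-state ACKs in descending order of rate; the ordinary UDP and ICMP traffic stays under its learned threshold. The baseline-times-factor rule is the "behavioural" element: it lets the legitimate traffic through on the evidence of its own history rather than a fixed rate limit, which is why the DNS replies are not flagged even though they share the generic UDP class.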