
Cybersecurity Alerts from Radware

In August, Radware and the FBI warned of a DDoS ransom campaign targeting financial institutions and other industries worldwide. As noted by Radware, the number of blackmail messages reported by organizations around the globe is constantly increasing.

 

 

* Ransom DDoS: a type of DDoS carried out for the purpose of extortion. It usually starts with threatening messages or posts, followed by a few small attacks to prove the threat is real.

“Lazarus Group”, also known as APT38, is a criminal group that has carried out many attacks on major financial institutions, while “Fancy Bear”, also known as APT28, is behind attacks on government, military and security organizations. APT28 is said to have carried out cyber attacks on NATO, the US White House and the election campaign of President Emmanuel Macron.

 

The extortion letters (like the image below) threaten that the enterprise's network will be the target of a DDoS attack of up to 2Tbps within 1 week of receiving the mail unless the recipient pays at least 20 BTC (equivalent to 230,000 USD).

 

An example of a blackmail letter 

 

Threats need to be taken seriously. If you lack protection and receive such a letter, find a capable partner to help you implement mitigations so that further attacks don't affect your organization and disrupt your business.

 

All organizations that have been in contact with Radware and received a blackmail letter like the sample letter above have tracked the attacks. The scale of the attacks is tailored to the size and attack surface of the targeted organization. Attacks range from a few to several hundred gigabits per second. In some cases, peaks reach 300Gbps (not the announced 2Tbps), which is still enough to cause damage to most organizations, and the attacks combine multiple attack vectors.

 

Attack vectors include ARMS, CLDAP, WS-Discovery, GRE flood, NTP flood, UDP and UDP fragment floods, combined TCP SYN, TCP expiration, DNS reflection and ICMP flood. Attacks usually last for several hours, until the attackers see that they are making no further progress.
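As an added illustration (not from Radware or the original alert), the sketch below labels inbound flow records with the vectors listed above so that a defender can see which ones dominate an ongoing attack. The flow-record fields, the sample flows and the 5% share cutoff are assumptions; the port and protocol numbers are the standard ones for those services.

```python
from collections import defaultdict

# UDP source ports of the reflection vectors named in the alert (standard service ports).
REFLECTORS = {3283: "ARMS", 389: "CLDAP", 3702: "WS-Discovery", 123: "NTP", 53: "DNS"}

def classify(flow):
    """Label one inbound flow record. Labels are triage hints only:
    legitimate NTP or DNS replies arrive from the same source ports."""
    proto = flow["proto"]                      # IP protocol number
    if proto == 47:
        return "GRE flood"
    if proto == 1:
        return "ICMP flood"
    if proto == 6:
        return "TCP SYN flood" if flow.get("flags") == "S" else "TCP other"
    if proto == 17:
        if flow.get("frag"):                   # non-first fragments carry no UDP ports
            return "UDP fragment flood"
        name = REFLECTORS.get(flow.get("sport"))
        return f"{name} reflection" if name else "UDP flood"
    return "other"

def vector_breakdown(flows, window_s, min_share=0.05):
    """Return {vector: Gbps}, largest first, for vectors carrying at least
    min_share of all bytes seen in the window (assumed cutoff)."""
    by_vector = defaultdict(int)
    for f in flows:
        by_vector[classify(f)] += f["bytes"]
    total = sum(by_vector.values())
    ranked = sorted(by_vector.items(), key=lambda kv: -kv[1])
    return {v: round(b * 8 / window_s / 1e9, 2)
            for v, b in ranked if total and b / total >= min_share}

# Constructed sample: aggregated inbound flows over a 10-second window.
SAMPLE_FLOWS = [
    {"proto": 17, "sport": 389, "bytes": 50_000_000_000},
    {"proto": 17, "sport": 3283, "bytes": 25_000_000_000},
    {"proto": 17, "frag": True, "bytes": 12_500_000_000},
    {"proto": 47, "bytes": 10_000_000_000},
    {"proto": 6, "sport": 443, "flags": "S", "bytes": 2_500_000_000},
    {"proto": 17, "sport": 51000, "bytes": 100_000_000},
]

if __name__ == "__main__":
    for vector, gbps in vector_breakdown(SAMPLE_FLOWS, window_s=10).items():
        print(f"{vector:22s} {gbps:6.2f} Gbps")
```

A breakdown like this helps decide which upstream filters to request first, for example dropping inbound UDP from source ports the organization never legitimately talks to.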

 

In some cases, we see attackers changing tactics and targeting attacks on victims' DNS services. DNS services are usually hosted by dedicated providers outside of the organization and some are unprotected. It is important to verify security measures to protect the DNS service because simply disrupting domain name resolution can have the same impact as a direct attack on the service itself. 

 

Effective DDoS attack protection with Radware:

  • Combined DDoS Protection – On-premise and Cloud for real-time DDoS attack prevention while addressing high volume attacks and protection from system bottlenecks. 
  • Behavior-Based Detection – Quickly and accurately identifies and blocks anomalies while allowing legitimate traffic to pass. 
  • Real-time Signature Generation – Timely protection from unknown threats and zero-day attacks. 
  • Cyber Attacks Emergency Response Plan – A dedicated team of emergency professionals with experience in Internet of Things security and handling IoT outbreaks. 
  • Intelligent analysis based on active threat actors – high fidelity, performing correlations and analytics to protect against known attackers currently active. 

 

VNCS – Official distributor of products and solutions from Radware in Vietnam. Please contact us immediately for detailed advice on solutions to ensure information security for your business! 

 
