
According to the 2015 Information Security Breaches Survey, a PwC study that I recently analyzed in an article for The State of Security, the number of denial of service (DoS) attacks has either dropped or remained stagnant for most UK corporations over the past year.

This decline has apparently not stopped certain malicious actors from getting creative with their distributed denial of service (DDoS) attacks, however.

Among those groups that have embraced DDoS attack campaigns this past year is Lizard Squad, a hacking group that set up a DDoS stresser service earlier in 2015 after successfully overloading the networks of both PlayStation Network and Xbox Live on December 25th, 2014. These attacks may have ultimately contributed to Akamai’s finding that the world saw a 90 percent increase in DDoS attacks in 2014’s final quarter as compared to Q3. DDoS attacks are also not exclusive to amateur hacking groups.

Earlier this spring, China targeted GitHub with a large DDoS attack, which caused service interruptions for some users.

Now in the middle of 2015, yet another group has put its own spin on this tried and true method of network disruption. As analyzed by Heimdal Security Software, a group of computer criminals known as ‘DD4BC’ is threatening targets with massive DDoS attacks unless they pay a ransom using Bitcoins. These attacks generally bring down vital business services and cause disruption and financial loss.

Each campaign launched by DD4BC begins with an email that informs the victim of a low-level DDoS attack currently underway against the victim’s website. The email, as revealed by Akamai in a profile of the group, then goes on to demand a ransom paid in Bitcoins in return for DD4BC abstaining from launching a larger DDoS attack against the target.

According to research published by the Swiss Government Computer Emergency Response Team, DD4BC is theoretically capable of launching attacks consuming a bandwidth of up to 500 Gbit/s, which is about 1,000 times the capacity of a DSL/cable line, by taking advantage of amplification attacks that abuse the NTP, SSDP or DNS protocols. In reality, Incapsula, a cloud-based application delivery platform, has noted in a blog post that the group generally launches small application-layer attacks that peak at 150 requests per second.
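The paragraph above describes two very different traffic profiles: volumetric UDP reflection (NTP, SSDP, DNS) on the one hand, and small application-layer request floods on the other. The script below is an added example, not code from the original article or from any of the vendors it cites; it shows how a defender can pick out each profile from data they already have. The flow records and access-log lines are constructed sample data, and the thresholds (three or more reflectors, 400-byte average packets) are illustrative assumptions to be tuned per network.

```python
"""Defender-side detection for the two DDoS styles the article mentions.

Added example (not from the original article). Runs on constructed
sample data embedded below, not on captured traffic. Two checks:

  1. detect_amplification(): flag inbound UDP traffic that looks like
     NTP/SSDP/DNS reflection (many reflector sources, one victim, large
     average packet size, fixed reflector source port).
  2. peak_requests_per_second(): measure per-client request rate from
     web-server access-log lines, the signal for a small
     application-layer flood of the kind Incapsula described.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# UDP services commonly abused as reflectors (port -> name).
REFLECTOR_PORTS = {123: "NTP", 1900: "SSDP", 53: "DNS"}


@dataclass(frozen=True)
class Flow:
    """One aggregated flow record (fields modelled on NetFlow/IPFIX)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    byte_count: int
    duration_s: float


def detect_amplification(flows, min_reflectors=3, min_avg_bytes=400):
    """Return alerts for (victim, service) pairs that look like reflection.

    A reflected flood differs from normal replies in the number of
    distinct reflector sources and the large average packet size.
    Thresholds are illustrative assumptions, not vendor defaults.
    """
    groups = defaultdict(list)
    for f in flows:
        if f.proto == "udp" and f.src_port in REFLECTOR_PORTS:
            groups[(f.dst_ip, f.src_port)].append(f)

    alerts = []
    for (victim, port), group in groups.items():
        reflectors = {f.src_ip for f in group}
        total_bytes = sum(f.byte_count for f in group)
        total_pkts = sum(f.packets for f in group)
        avg_bytes = total_bytes / total_pkts
        window = max(f.duration_s for f in group) or 1.0
        if len(reflectors) >= min_reflectors and avg_bytes >= min_avg_bytes:
            alerts.append({
                "victim": victim,
                "service": REFLECTOR_PORTS[port],
                "reflectors": len(reflectors),
                "avg_packet_bytes": round(avg_bytes),
                "mbps": round(total_bytes * 8 / window / 1e6, 1),
            })
    return sorted(alerts, key=lambda a: a["mbps"], reverse=True)


# Common Log Format: client IP and the timestamp down to the second.
_CLF = re.compile(r"^(\S+) \S+ \S+ \[([^\]]+?)(?: [+-]\d{4})?\]")


def peak_requests_per_second(log_lines):
    """Map each client IP to its busiest one-second request count."""
    per_second = Counter()
    for line in log_lines:
        m = _CLF.match(line)
        if m:
            per_second[(m.group(1), m.group(2))] += 1
    peak = defaultdict(int)
    for (ip, _), n in per_second.items():
        peak[ip] = max(peak[ip], n)
    return dict(peak)


# --- constructed sample data (not captured traffic) -------------------
SAMPLE_FLOWS = [
    # five NTP reflectors, each returning large replies to one victim
    *[Flow(f"192.0.2.{i}", 123, "203.0.113.10", 40000 + i, "udp",
           20_000, 20_000 * 468, 10.0) for i in range(1, 6)],
    # an ordinary DNS answer from the site's own resolver
    Flow("198.51.100.53", 53, "203.0.113.10", 51234, "udp", 3, 360, 0.1),
    # unrelated TCP traffic, ignored by the reflection check
    Flow("198.51.100.9", 443, "203.0.113.10", 50001, "tcp", 40, 32_000, 2.0),
]

SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jun/2015:12:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jun/2015:12:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jun/2015:12:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jun/2015:12:00:02 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.8 - - [10/Jun/2015:12:00:01 +0000] "GET /about HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for a in detect_amplification(SAMPLE_FLOWS):
        print("reflection:", a)
    for ip, rps in peak_requests_per_second(SAMPLE_LOG).items():
        print(f"{ip}: peak {rps} req/s")
```

On the sample data the reflection check reports one alert (five NTP reflectors, 468-byte average packets, about 37 Mbit/s), while the single resolver reply is left alone; the access-log check shows one client peaking at three requests in a second. Against a real DD4BC-style flood the same two numbers are what you would hand to an upstream provider for filtering (reflector source port and victim address) and to a web application firewall for per-client rate limiting.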

This does not stop security personnel and law enforcement officials from taking DD4BC seriously, however.

“We are working closely with law enforcement in various jurisdictions to make sure they have a clear picture of what we see and face,” Troels Oerting, group chief information security officer at Barclays and former head of Europol’s European Cybercrime Centre (EC3), told Computer Weekly. “We take the necessary steps to prevent, detect, react and mitigate all kinds of cyber crime we face, and that is simply the way we work. We take our customers and employees’ privacy and security very.”

[Image: dd4bc (Source: Akamai)]

The exploits of DD4BC go back at least a year. In November of 2014, reports emerged of the group having sent a note to the Bitalo Bitcoin exchange demanding 1 Bitcoin in return for helping the site enhance its protection against DDoS attacks. At the same time, DD4BC executed a small-scale attack to demonstrate the exchange’s vulnerability to this method of disruption. Bitalo ultimately refused to pay the ransom, however. Instead, the site publicly accused the group of blackmail and extortion and created a bounty of more than USD $25,000 for information regarding the identities of those behind DD4BC.

Since then, the group has begun demanding Bitcoin ransom payments in exchange for refraining from launching large-scale DDoS campaigns. In March of this year, for example, DD4BC targeted Bitmain, one of the largest Bitcoin mining equipment manufacturing companies in the world, and demanded a ransom payment of 10 BTC to prevent an attack. Like Bitalo, Bitmain refused to pay the ransom. In fact, it ultimately added 10 Bitcoins to Bitalo’s existing bounty.

DD4BC is still active as of this writing and is demanding as many as 25 Bitcoins from affected parties in exchange for assurance against a large DDoS attack.

To protect against the attacks launched by DD4BC and other groups, it is recommended that companies invest in anti-DDoS technology and create an emergency computer response team (as well as an organization-wide security policy) that outlines a plan of action if an attack ever arises.

For additional DDoS mitigation techniques, please click here.

Title image courtesy of ShutterStock

  • Verizon offers DDOS prevention by re-routing your static IP addresses to their SOC, filtering the attack data, and forwarding the rest of the "legit" data to you. This is a no brainer if you are on their network. Also, Verizon offers a Rapid Response program (whether you use their network or not) where they will manage your breach by using pro-active services to ensure you are prepared, then being able to address any breach with a 3 hour SLA. They are the best in the business, handling more than double the breach incidents of the next competitor, and are available worldwide (having all the forensics certificates in the proper countries).

    • best in the business? don't think so.

  • Agreed, not the best in the business. Alternate routing is one defense against DDOS, dynamic DNS black holing is another. But in this case there are more issues than meet the eye. This is what my company does. Bitsdigits (dot) Com has its own approach.

  • John Adam

    Yes, the UK is in 1st position among those who use DDoS protection.
    These kinds of security protection are essential for enterprises and corporates.
    I am a small business owner and use a Business VPN for online security and data privacy.
    After so many incidents of data leaks, it's compulsory for business owners to protect their client and customer data.