Beware of Latest DDoS Extortion Attacks
In the past weeks, various financial organisations around the world have been on the receiving end of Distributed Denial of Service (DDoS) extortion attacks, resulting in disruption to their online services.
According to an international anti-DDoS service provider, the attackers target multiple sectors, including finance, travel, and e-commerce. They first contact their targets by sending ransom emails that warn of an impending DDoS attack against the company unless a ransom is paid in Bitcoin. The attackers utilise various attack vectors, such as ARMS, DNS Flood, GRE Protocol Flood, SNMP Flood, SYN Flood, and WSDiscovery Flood attacks, to launch DDoS attack traffic at almost 200 Gb/sec (equivalent to sending 40,000 mp3 songs in a second). They also cunningly change attack tactics, for example to application attacks and spoofed attacks, to bypass the security protections of their targets.
HKCERT urges local companies to stay vigilant, pay extra attention to DDoS extortion attacks, and adopt the following advice for a better defence against such attacks:
- Ensure your organisation has a contingency plan and playbook prepared for DDoS incidents;
- Ensure network monitoring and security detection are in place and ready to carry out immediate incident response if any abnormal network activities are detected;
- Harden the network infrastructure and minimise the points of exposure to the Internet;
- Consider a DDoS protection solution or service to defend against DDoS attacks;
- Do not pay the ransom;
- Report to HKCERT for coordination with ISPs on blocking attacker IP addresses (if identified);
- Contact HKCERT at 8105 6060 for enquiry or assistance.