80 percent of Euro businesses fear DDoS extortion

IT professionals are quaking in their boots over the threat of DDoS extortion if the results of a new survey are anything to go by.

DDoS attacks can be used for extortion or as a smokescreen
DDoS attacks can be used for extortion or as a smokescreen

Blood pressures are skyrocketing as IT security professionals lose sleep over a DDoS- extortion attack in the next year. A new report has shown 80 percent fear they'll be a target of just such an attack within the next 12 months.

The report comes from Corero Network Security and is based on a survey of 103 attendees at Infosecurity Europe 2016 in London.

DDoS attacks are one of the more popular tools in the hacker's toolkit. DDoS, or distributed denial of service attacks, work by essentially flooding the target with traffic. Attackers will normally employ botnets to do this, making it seem as though millions of people are all visiting the same site at the exact same second.

Though a favourite of hacktivists, the attack is also employed by cyber-criminals, often using it as a smokescreen to distract defenders while stealing information from the parts of networks that are left undefended.

What's keeping our IT professionals up late into the night is the possibility of extortion. Perhaps most famous for this kind of scam is the blackmail group DD4BC who would relentlessly DDoS websites until the unfortunate victims coughed up a couple of bitcoins.

While several key members  of the group have been arrested, the tactics work and are not hard to replicate.

Cyber-criminals have clearly decided there's no need to mess with the classics. Extortion is, after all, one of the oldest tricks in the book. “Attackers have never before had an anonymous way to communicate with their victims, launch their attacks and get paid – until now,” Justin Harvey, CSO at Fidelis, told SCMagazineUK.com.

“With the proliferation of tools such as The Onion Router (TOR), which facilitate the Dark Web or Dark Net, cyber-criminals can freely communicate with the organisations they wish to target. To get paid, the attacker can simply demand Bitcoins, as it is an anonymous digital currency.”

Those surveyed don't seem to have a great deal of faith that their organisations will stand up to the ransom, should it ever happen. Nearly half of respondents, 43 percent, said that their organisation would pay the ransom.

In a curious turn, 59 percent pointed the finger at their internet service providers (ISPs) as not providing them with enough defence against DDoS attacks. A further 24 percent believe that if a DDoS attack were to happen, the blame should go to the ISP, and 21 percent would switch providers if adequate protection was not offered against a DDoS attack.

And the respondents suspect, their ISPs hide behind the convenient excuse of net neutrality law – 53 percent expressed just such an opinion,

Dave Larson, COO at Corero Network Security, told SC, “Internet bandwidth is comprised of a wide variety of traffic flows. While the majority of traffic is legitimate, significant portions are sometimes unnecessary and increasingly damaging. These flows can range from distributed denial-of-service (DDoS) attacks to malware or botnet-related activity.”

He added: “An ISP's function has traditionally been to pass traffic from one destination to another, without judgement about the content. However, in order for the Internet to thrive and ISPs to continue protecting their own infrastructure, and that of their downstream customers, Internet security and neutrality must co-exist. DDoS attacks leave the critical infrastructure of an ISP at risk for massive outages that impact all traffic flow, not just select streams.”

Larson concluded, “Net neutrality is generally a policy geared towards fairness – but to put all flows at risk by treating the bad traffic ‘fairly' seems to be a step beyond what was intended.”