Cyber-criminals say it with flowers for Valentine's Day

Cyber-criminals say it with flowers for Valentine's Day
Cyber-criminals say it with flowers for Valentine's Day

Cyber-criminals have been targeting the websites of florists with DDoS attacks in an attempt to extort money.

Around a dozen websites were targeted on the run up to Valentine's Day, according to Imperva.

Security researchers Ofer Gayer and Tim Matthews said in a blog post that in the week leading up to 14 February, there was an increase in bot traffic to online florists.

“Ninety-one percent of the sites showed attack traffic during that period,” they said. “Of those sites, 23 percent showed a sharp increase in attack traffic. There does not appear to be a trend in attacks against all online florists, but rather targeted attacks. In fact, one of our customers reported receiving a ransom note.”

The researchers said that in one incident, an online florist came on board after it experienced an application layer DDoS attack. 

“The company's CDN provider interpreted the traffic as real user sessions, which exceeded the site's contracted cache capacity. This caused the provider to route the attack traffic to their origin servers. This ultimately brought the site down with a great loss of revenue,” they said.

Stephanie Weagle, vice president of Corero Network Security, told SCMagazineUK.com that e-retailers are prime targets for service disrupting and obfuscating DDoS attacks.

“Attackers know when and how to hit where it hurts the most; targeting florist websites during one of their busiest Holidays is not a coincidence. Knocking a revenue generating web site or application offline with a DDoS attack is not a difficult task, and we see real-world examples of these instances regularly,” she said.

Weagle added that too many organisations operate reactively when it comes to DDoS defence, and only look to implement dedicated security solutions after a threat, or once attacks have occurred.

“We have heard the war stories where victims actually pay the ransom in the hopes that the attacks will subside. A business might be tempted to pay out on the ransom request in the hope of avoiding the attack, however there is no guarantee that complying will keep the attacks at bay. A payoff sometimes leads to further demands for even more money,” she  said.

Dr Malcolm Murphy, systems engineering manager at Infoblox, told SC that Distributed Denial of Service (DDoS) attacks are growing in both frequency and sophistication. 

“Organisations can take relatively simple steps to reduce their exposure to DNS-based DDoS attacks,” he said.

“Education is needed to not only ensure that security conscious organisations are providing the necessary preventative measures, but also to illustrate the severity of the threat which is currently going unheeded. And those that don't listen will remain vulnerable.

Lee Munson, senior researcher at Comparitech.com, told SCMagazineUK.com that while companies offering DDoS protection services often suggest such attacks are on the rise, “I've seen no evidence to suggest that is the case”.

“What is apparent, though, is the fact that the scale and duration of the attacks are both increasing, as is the sophistication,” he said. “The timing of DDoS attacks certainly shows that criminals are aware of when their actions will prove to be most effective but that's more common sense than a display of higher intelligence.”

“If a company is being held to ransom by a criminal DDoS gang it should inform law enforcement immediately and issue a statement to its customers where industry practice allows,” he added.

“Under no circumstances should any business cave in and pay up as that only marks the business as a future target for the same or other criminal gangs.