The number and intensity of extortion attempts by means of DDoS attacks have been increasing for years. The amount of ransom demands is increasing as well. Those who want to protect themselves from this type of threat effectively need to take the strategy behind these cyber attacks into account.
Cybercriminals use DDoS attacks to overload web applications with artificially generated requests. As soon as the resulting load exceeds the capacity of the underlying web infrastructure, the affected services collapse, resulting in costly outages. Once such a DDoS attack is coupled with a ransom demand, it is referred to as a Ransom Denial of Service (RDoS) attack.
Heavy burden for the economy
The costs incurred by cybercrime have been rising for years. A recent study by the digital association Bitkom found that cyber attacks cost the German economy 223 billion euros per year, and nearly a third of these attacks are DDoS attacks. The enormous damage is due in no small part to attackers increasingly concentrating on individual sectors of the economy.
DDoS extortionists in particular choose their victims with great care. Attractive targets are primarily financially strong companies running critical digital services whose failure cannot be tolerated even briefly. The calculation behind this: the more critical the affected processes, the greater the victim's willingness to pay. That is why more and more companies from the financial sector, the healthcare industry, and critical utilities are among those hit. Accordingly, Allianz lists cyber incidents as the greatest risk these sectors face.
Attackers rely on pressure
Who are the attackers?
The vast majority of cybercriminals (about 90 percent according to the 2021 Verizon Data Breach Investigations Report) primarily pursue monetary interests. RDoS campaigns in particular are designed to generate maximum profit in a short time. Hitting as many companies as possible in the same period requires precise orchestration of the available attack resources, and the more targets there are, the more coordination the campaign demands. DDoS extortionists therefore operate as organized crime groups that have found a lucrative business model.
To lend more force to their ransom demands, the extortion gangs often pose as well-known hacker groups such as Fancy Bear (APT28), Armada Collective, or Lazarus Group. It is not known to what extent there are real connections between the attackers and these internationally active groups. Most recently, a major RDoS campaign took place in the German-speaking region under the alias "Fancy Lazarus," a name referencing two of the best-known groups.
The attackers target both the web applications themselves and the infrastructure behind them. In addition, cyber extortionists often resort to reflection attacks. They send small requests with a forged (spoofed) source address, that of the victim, to third-party servers that are only indirectly involved; those servers answer with much larger packets, which land on the victim. To do this, the cybercriminals misuse ordinary, perfectly legal internet services and protocols such as DNS, NTP, or TFTP. Reflection thus multiplies the bandwidth of an attack many times over while obfuscating its origin, since the victim only ever sees the addresses of the reflectors, not of the attacker.
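As an added example (not code from the article or from Myra Security), the following Python detector runs over constructed flow records of the kind that NetFlow or sFlow monitoring exports and flags hosts receiving reflected traffic: responses from many distinct reflector sources, large response packets, and far more response bytes than the host ever sent in requests to that service port. The port list beyond DNS, NTP and TFTP, the sample addresses and the thresholds are assumptions of the example, not values from the article.

```python
"""Flow-based detection of UDP reflection/amplification traffic.

Added example; not code from the article or from Myra Security. It works on
flow records of the kind NetFlow/sFlow monitoring exports, constructed inline
below. The port list beyond DNS/NTP/TFTP and all thresholds are assumptions
of this example, not values from the article.
"""
from collections import defaultdict
from dataclasses import dataclass


# UDP services commonly abused as reflectors. DNS, NTP and TFTP are named in
# the article; the remaining entries are an assumption of this example.
REFLECTOR_PORTS = {
    53: "DNS", 123: "NTP", 69: "TFTP",
    161: "SNMP", 389: "CLDAP", 1900: "SSDP", 11211: "memcached",
}


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record (the fields NetFlow v5 / sFlow provide)."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str     # "udp" or "tcp"
    packets: int
    octets: int


def detect_reflection(flows, min_reflectors=20, min_avg_pkt=400, min_ratio=10.0):
    """Return {victim_ip: {service: stats}} for suspected reflection targets.

    A destination is flagged for a service when, within the flow set:
      * responses arrive from many distinct reflectors (spoofed requests fan
        out to many servers),
      * the responses are large (that is what amplification buys the attacker),
      * the bytes received from the service port dwarf the bytes the
        destination itself sent to that port (a real client asks first).
    Thresholds are illustrative assumptions, not tuned production values.
    """
    inbound = defaultdict(lambda: {"octets": 0, "packets": 0, "reflectors": set()})
    requested = defaultdict(int)   # (host, service) -> request bytes host sent

    for f in flows:
        if f.proto != "udp":
            continue
        if f.sport in REFLECTOR_PORTS:           # service -> host: a response
            s = inbound[(f.dst, REFLECTOR_PORTS[f.sport])]
            s["octets"] += f.octets
            s["packets"] += f.packets
            s["reflectors"].add(f.src)
        elif f.dport in REFLECTOR_PORTS:         # host -> service: a request
            requested[(f.src, REFLECTOR_PORTS[f.dport])] += f.octets

    alerts = {}
    for (victim, service), s in inbound.items():
        avg_pkt = s["octets"] / s["packets"]
        # +1 keeps the ratio finite when the victim never sent a request,
        # which is exactly what reflected traffic looks like.
        ratio = s["octets"] / (requested[(victim, service)] + 1)
        if (len(s["reflectors"]) >= min_reflectors
                and avg_pkt >= min_avg_pkt and ratio >= min_ratio):
            alerts.setdefault(victim, {})[service] = {
                "reflectors": len(s["reflectors"]),
                "bytes": s["octets"],
                "avg_pkt_bytes": round(avg_pkt),
                "response_request_ratio": round(ratio, 1),
            }
    return alerts


def constructed_flows():
    """Constructed sample: one legitimate DNS exchange plus an NTP reflection flood."""
    victim, resolver = "198.51.100.10", "192.0.2.53"
    flows = [
        # Legitimate: the victim sends 40 DNS queries and gets 40 answers back.
        Flow(victim, 40123, resolver, 53, "udp", 40, 40 * 62),
        Flow(resolver, 53, victim, 40123, "udp", 40, 40 * 130),
        # Unrelated TCP traffic is ignored by the detector.
        Flow("203.0.113.9", 44321, victim, 443, "tcp", 12, 9_000),
    ]
    # Attack: 50 distinct NTP servers each send 100 large responses to the
    # victim, which never asked any of them anything (spoofed source address).
    for i in range(50):
        flows.append(Flow(f"203.0.113.{i + 100}", 123, victim, 123, "udp", 100, 100 * 482))
    return flows


ALERTS = detect_reflection(constructed_flows())

if __name__ == "__main__":
    for victim, services in ALERTS.items():
        for service, stats in services.items():
            print(f"{victim} <- {service} reflection suspected: {stats}")
```

The legitimate DNS exchange is not flagged: it comes from a single source, the answers are small, and the victim sent the queries itself. The NTP flood is flagged on all three criteria at once. In practice the same logic is run per time window and the outbound-request check is what separates reflection from a host that is simply a heavy user of a service.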
How can companies protect themselves?
Anyone who has not implemented dedicated DDoS protection for all relevant network layers in advance is usually at the mercy of the first wave of attacks. As soon as the size of the attack exceeds the capacity of the company's own infrastructure, the affected services are brought to their knees. With professional help, however, DDoS attacks can still be mitigated in an acute attack scenario through emergency onboarding, that is, rerouting the traffic to a protection provider at short notice. The impacted services are up and running again as soon as the provider scrubs the traffic, preventing further damage and downtime.
By contrast, protection systems implemented preventively, which automatically filter malicious traffic in the event of an attack, provide the best security against overload attacks. Cloud-based protection solutions are particularly suitable here since they require no additional software or hardware and are not limited by the capacity of the company's own internet connection.
Protective solutions with a deterrent effect
Once adequately protected, companies' digital services can withstand even volumetric attacks without downtime. In such situations, cybercriminals often lose interest in the target after the initial attack, since attacks on protected companies consume resources for nothing. In any case, protected companies are much less likely to be targeted because they do not fit the cybercriminals' profile of prey. The risk is too high that a failed attack exposes the underlying attack infrastructure of botnets and compromised servers. Cybercriminal tools usually have a finite shelf life, and international investigative authorities regularly succeed in breaking up far-flung botnets.
On balance, preventively protected companies benefit in several ways: expensive disruptions caused by DDoS attacks are avoided and, at the same time, the organization's exposure is permanently lowered because it becomes a less appealing target for attackers. The only answer to the intensified threat situation is preventive protection for the operational business.
Implementation requires competent partners
Preventive DDoS protection from Germany
Myra DDoS Website Protection protects web applications on Layer 7 fully automatically. With full traffic visibility, Myra Security enables intelligent load balancing and site failover with high reliability and minimal response times.
Myra DDoS BGP Protection automatically protects against volumetric attacks on Layers 3 and 4. Detailed traffic analyses (NetFlow and sFlow) are provided by automatic flow monitoring. The failover of affected networks in case of an attack is also fully automated.