November 30, 2015
This week in DDoS Digest, we look at the following distributed denial of service stories:
Hackers have contacted three Greek banks, threatening them with a distributed denial of service attack if they do not pay a bitcoin ransom on November 30.
The Armada Collective is the group that is extorting the banks. This well-known DDoS ring is the same organization that took down various secure email services including the Swiss company ProtonMail. ProtonMail paid the ransom to the collective and the attack continued, making other businesses skeptical about giving in to their demands.
Initial contact with the banks was made on Thursday, November 26. To demonstrate its capacity to deliver on its threats, the Armada Collective brought down all of the banks simultaneously for a short period.
The threat only applies to online banking systems and not to the servers that handle general transactions, reports Jane McCallion in IT Pro. “[A] number of service providers are also increasing capacity for the banks to handle traffic in an attempt to thwart the attackers,” she notes, “and a special taskforce made up of the Greek National Intelligence Service, Financial Crimes Squad and Bank of Greece has been put together to deal with the crisis.”
There are plenty of analyses from security companies showing how prevalent distributed denial of service has become, both as a way to extract ransoms and as a smokescreen for injection of malware.
A team of computer science researchers believes that the real way to go after DDoS is to focus on booters, which are web apps that give anyone access to botnets or distributed virtual systems for attacks – removing actual technical skill from the equation.
It’s generally understood that booters are a large part of the DDoS problem, but the specific figures are staggering. More than 6000 people have purchased these services, resulting in more than half a million (600,000) denial of service incidents.
Generally speaking, PayPal is used to pay for these services. The researchers, Karami, Park, and McCoy, came up with a clever way to thwart booters, as described in TechRepublic. “‘To measure the resilience of their payment infrastructure, we conduct a payment intervention in collaboration with PayPal,’” they explain. “‘Our evaluation of the effectiveness of this approach suggests that it is a promising method for reducing the subscriber base of booters.’”
One final interesting finding is that almost half of merchant and customer accounts doing business with booters seem to be based in the United States.