Armada Collective: DDoS Blackmailers Attack the Hosting Industry
Link11 is cautioning hosting providers to beware of a new wave of DDoS blackmail attacks by the Armada Collective. As recently as mid-August, attackers using the name Fancy Bear used DDoS attacks to put pressure on operators of critical infrastructure and financial services.
A fresh crop of blackmailers is now threatening companies in Europe with DDoS attacks. Hosting providers and data center operators in particular have received blackmail letters from a group called the Armada Collective. According to the Link11 Security Operations Center (LSOC), the threat to unprotected companies is real, as the perpetrators have already launched high-volume warning attacks at several Gbps. In exchange for a payment of 10 Bitcoins (98,000 Euro, as of 31.08.2020), they promise to stop the attacks against the IP addresses mentioned in the blackmailer's mail. If payment is not received, they threaten to launch attacks of up to 2 Tbps in bandwidth.
DDoS blackmail is a global phenomenon
It was only in mid-August that the LSOC registered a global wave of DDoS blackmail attacks against operators of critical infrastructure, especially in the financial sector. The perpetrators called themselves "Fancy Bear". The LSOC says it’s unclear whether Fancy Bear and Armada Collective are the same perpetrators. While the extortion letters differ in wording and the ransom amount, both senders use the same e-mail provider. The two groups have been linked to long-running DDoS attacks on the New Zealand Stock Exchange. They are also said to be responsible for blackmailing PayPal and MoneyGram.
Corona pandemic increases DDoS attack risk
Various groups claiming to be Armada Collective or Fancy Bear are using the names to make money. Some of them are professionals, others are just copycats. In light of the current incidents, the LSOC is emphasizing the concrete threat: the attacks, which are launched to show off the criminals’ technical attack capabilities, pose a grave threat to insufficiently protected companies. Link11 is advising blackmailed companies to take the situation seriously. They should quickly and decisively protect their IT infrastructure against DDoS attacks to avoid damage from online blackmailers.
The danger posed by DDoS attacks has become even more acute because of the sharp increase in home-office work and telework during the Corona pandemic. Since many employees are now working full- or part-time in home offices, new digital targets have emerged. If, over the long term, employees stay at home everywhere and dial into their accustomed working environment via VPN servers, corporate IT will have new security challenges to deal with. Downtimes – for example, of VPN services – can cause large-scale production losses. Another wrinkle in the threat situation is that DDoS attacks can be used as a smokescreen for more extensive cyber-campaigns. Only recently, the car manufacturer Tesla was the target of a ransomware campaign that was successfully thwarted by the US law enforcement authorities. The accused admitted that they wanted to use a DDoS attack as a smokescreen tactic.
In the Link11 DDoS Report for the first half of 2020, Link11’s security experts summarize the new threats facing companies and their accelerated digital transformation plans in the era of Covid-19.