Armada Collective: DDoS Blackmailers Attack the Hosting Industry
Link11 is cautioning hosting providers to beware of a new wave of DDoS blackmail attacks by the Armada Collective. As recently as mid-August, attackers using the name Fancy Bear used DDoS attacks to put pressure on operators of critical infrastructure and financial services.
A fresh crop of blackmailers is now threatening companies in Europe with DDoS attacks. Hosting providers and data center operators in particular have received blackmail letters from a group called the Armada Collective. According to the Link11 Security Operations Center (LSOC), the threat to unprotected companies is real, as the perpetrators have already launched high-volume warning attacks at several Gbps. In exchange for a payment of 10 Bitcoins (98,000 Euro, as of 31.08.2020), they promise to stop the attacks against the IP addresses mentioned in the blackmailer's mail. If payment is not received, they threaten to launch attacks of up to 2 Tbps in bandwidth.
DDoS blackmail is a global phenomenon
It was only in mid-August that the LSOC registered a global wave of DDoS blackmail attacks against operators of critical infrastructure, especially in the financial sector. The perpetrators called themselves "Fancy Bear". The LSOC says it’s unclear whether Fancy Bear and Armada Collective are the same perpetrators. While the extortion letters differ in wording and the ransom amount, both senders use the same e-mail provider. The two groups have been linked to long-running DDoS attacks on the New Zealand Stock Exchange. They are also said to be responsible for blackmailing PayPal and MoneyGram.
Corona pandemic increases DDoS attack risk
Various groups claiming to be Armada Collective or Fancy Bear are using the names to make money. Some of them are professionals, others are just copycats. In light of the current incidents, the LSOC is emphasizing the concrete threat: the attacks, which are launched to show off the criminals’ technical attack capabilities, pose a grave threat to insufficiently protected companies. Link11 is advising blackmailed companies to take the situation seriously. They should quickly and decisively protect their IT infrastructure against DDoS attacks to avoid damage from online blackmailers.
The danger posed by DDoS attacks has become even more acute because of the sharp increase in home-office work and telework during the Corona pandemic. Since many employees are now working full- or part-time in home offices, new digital targets have emerged. If, over the long term, employees stay at home everywhere and dial into their accustomed working environment via VPN servers, corporate IT will have new security challenges to deal with. Downtimes – for example, of VPN services – can cause large-scale production losses. Another wrinkle in the threat situation is that DDoS attacks can be used as a smokescreen for more extensive cyber-campaigns. Only recently, the car manufacturer Tesla was the target of a ransomware campaign that was successfully thwarted by the US law enforcement authorities. The accused admitted that they wanted to use a DDoS attack as a smokescreen tactic.
In the Link11 DDoS Report for the first half of 2020, Link11’s security experts summarize the new threats facing companies and their accelerated digital transformation plans in the era of Covid-19.