Link11 warns: The Turkish Hackers DDoS Threat

  • Fabian Sinner
  • May 20, 2019


    Since early May 2019, numerous data centers, ISPs and hosting providers in Italy have received extortion emails sent in the name of the “Turkish hackers”. The cyber-criminals demand Bitcoins to stop large-scale DDoS attacks of more than 100 Gbps.

    The Turkish hackers’ approach is always the same: they launch “warning attacks”, which in most cases overload the systems and IT infrastructure of the targeted hosting provider. At the same time, the technically sophisticated perpetrators keep changing their attack strategy, using various attack techniques and vectors depending on the weak points that are revealed. The Turkish hackers thus use the same extortion methods as previous DDoS perpetrators such as DD4BC, Armada Collective and New World Hacking Group.

    The companies being extorted have barely any time to prepare for the attacks. As a result, they are severely impacted by the technically well-prepared and persistent attacks. The Link11 Security Operation Center (LSOC) recently successfully mitigated several of the “warning DDoS attacks” as well as the subsequently announced DDoS attacks on Italian hosting providers.

    Unprotected data centers that do not give in to the extortion attempt must act fast so that they do not lose any time. The payment deadline given by the perpetrators is generally between 24 and 48 hours. Getting an entire data center behind a DDoS shield also requires a great deal of expertise. Simply installing hardware is not enough, because it can quickly reach the limits of its capacity under the flood of requests. Practice shows that data centers are only protected against large-scale DDoS attacks when the entire data traffic is re-routed and cleaned via multi-stage filter processes by a protection provider like Link11.

    There is a threat of further attacks in the coming weeks. The LSOC recommends not giving in to the extortion attempt under any circumstances, but instead further strengthening your own protective measures and, if necessary, consulting external specialists for the defense against DDoS attacks.
