Warning from Link11 as Aggressive Fancy Bear DDoS Attackers Return
Fancy Bear extortion emails demand Bitcoin transfers and threaten lengthy, high-volume attacks over 2,000 Gbps, with critical infrastructure providers targeted most
Link11, European leader in cyber-resilience, is warning of a rise in DDoS extortion and large-scale DDoS attacks carried out by blackmailers under the alias ‘Fancy Bear.’
Since the 12th August, companies have been receiving extortion emails from a sender under the name of ‘Fancy Bear.’ These emails have included the subject line: ‘DDoS attacks on your network.’ In the email the perpetrators have been demanding 15 Bitcoins, which, as of August 19th, is worth almost 150,000 Euros. Based on findings from the Link11 Security Operations Center (LSOC), the blackmail has been targeted at companies across various industries, although operators of critical infrastructures seem to be increasingly targeted.
This corresponds to the assessment made by the World Economic Forum (WEF), which in its Global Risk Report 2020, found cyberattacks on critical infrastructures operators to be one of the top five global risks, calling them a "new normality".
Repeat Offenders under Prominent Names
In October 2019, the ‘Fancy Bear’ blackmailers threatened DDoS attacks to put pressure on companies in order to obtain Bitcoins. The blackmail emails from last autumn and those from the current wave are largely identical in text. The Bitcoin addresses have been changed so the attackers can check who has paid. According to the email, targeted companies have seven days to transfer the Bitcoins.
Dangerous Combination of High-Volume Attacks and Long Duration
To stress the seriousness of their demands, the blackmailers have been launching warning attacks, which have been characterized by very high bandwidths and a long-lasting, high intensity. According to the attackers, however, these are only intended to provide a warning of what is to come if the ransom is not paid. If no Bitcoins are transferred, they threaten attacks of over 2,000 Gbps.
Attacks that were successfully fended off by LSOC for critical infrastructure providers reached several hundred Gbps and lasted several hours. The attacks were based on UPD Floods, TCP Floods and SYN Floods. To increase the attack volume, the perpetrators relied on the Reflection Amplification vectors WS Discovery, DNS, and Apple Remote Control.
Advice for Targeted Companies
In view of the aggressive nature of these perpetrators, organizations need to take these threats seriously. As soon as they receive an extortion email, they should proactively activate their DDoS protection solution. If the solution is not designed for high volume attacks of several hundred Gbps and more, it is important to find out how the company-specific protection bandwidth can be increased in the short term.
It is also important that targeted companies do not respond to the blackmail and instead report the attack to the national or local law enforcement authorities.
Stay updated on current DDoS reports, warnings, and news about IT security, cybercrime and DDoS protection.
Follow Link11 on Twitter
Get a detailed and up to date overview of the global DDoS threat landscape by taking a look at our DDoS Report from…
5 Retweets 3Read More
@SecurityParalok Link11 DDoS Protection can help!
0 Retweets 0
@QAValley Thank you for sharing, great piece. For the fastest and reliable German made DDoS Protection, get in touch!
0 Retweets 0
@analyticsinme Great list, thank you for sharing. On how to protect yourself against DDoS attacks, we can help!
0 Retweets 0
@WIRED A good DDoS protection is essential! Happy to help on this topic
0 Retweets 0
Want to know more about how Karsten Desler, co-founder of Link11, found a solution to one of the biggest challenges…
7 Retweets 3Read More
In case you missed it, make sure to catch up here:
2 Retweets 2Read More
UK eCommerce business Ransoms Spares sought help after experiencing high volumes of traffic. With Link11, the compa…
2 Retweets 1Read More