Warning from Link11 as Aggressive Fancy Bear DDoS Attackers Return
Fancy Bear extortion emails demand Bitcoin transfers and threaten lengthy, high-volume attacks over 2,000 Gbps, with critical infrastructure providers targeted most
Link11, European leader in cyber-resilience, is warning of a rise in DDoS extortion and large-scale DDoS attacks carried out by blackmailers under the alias ‘Fancy Bear.’
Since the 12th August, companies have been receiving extortion emails from a sender under the name of ‘Fancy Bear.’ These emails have included the subject line: ‘DDoS attacks on your network.’ In the email the perpetrators have been demanding 15 Bitcoins, which, as of August 19th, is worth almost 150,000 Euros. Based on findings from the Link11 Security Operations Center (LSOC), the blackmail has been targeted at companies across various industries, although operators of critical infrastructures seem to be increasingly targeted.
This corresponds to the assessment made by the World Economic Forum (WEF), which in its Global Risk Report 2020, found cyberattacks on critical infrastructures operators to be one of the top five global risks, calling them a "new normality".
Repeat Offenders under Prominent Names
In October 2019, the ‘Fancy Bear’ blackmailers threatened DDoS attacks to put pressure on companies in order to obtain Bitcoins. The blackmail emails from last autumn and those from the current wave are largely identical in text. The Bitcoin addresses have been changed so the attackers can check who has paid. According to the email, targeted companies have seven days to transfer the Bitcoins.
Dangerous Combination of High-Volume Attacks and Long Duration
To stress the seriousness of their demands, the blackmailers have been launching warning attacks, which have been characterized by very high bandwidths and a long-lasting, high intensity. According to the attackers, however, these are only intended to provide a warning of what is to come if the ransom is not paid. If no Bitcoins are transferred, they threaten attacks of over 2,000 Gbps.
Attacks that were successfully fended off by LSOC for critical infrastructure providers reached several hundred Gbps and lasted several hours. The attacks were based on UPD Floods, TCP Floods and SYN Floods. To increase the attack volume, the perpetrators relied on the Reflection Amplification vectors WS Discovery, DNS, and Apple Remote Control.
Advice for Targeted Companies
In view of the aggressive nature of these perpetrators, organizations need to take these threats seriously. As soon as they receive an extortion email, they should proactively activate their DDoS protection solution. If the solution is not designed for high volume attacks of several hundred Gbps and more, it is important to find out how the company-specific protection bandwidth can be increased in the short term.
It is also important that targeted companies do not respond to the blackmail and instead report the attack to the national or local law enforcement authorities.
Stay updated on current DDoS reports, warnings, and news about IT security, cybercrime and DDoS protection.
Follow Link11 on Twitter
"More than 80% of U.S. companies have been successfully hacked, according to Duke University." But the article als…
0 Retweets 1Read More
📅 Do not forget the exciting date for tomorrow!
0 Retweets 0Read More
Our new DDoS report Q1 2021 is out now! 💡 Link11's IT security experts summarise the status and the most significa…
3 Retweets 3Read More
It might seem ironic, but its a good example showing nobody is safe. Better keep your cybersecurity & DDoS protecti…
3 Retweets 4Read More
Article is already a few days old but still highly interesting: Water utilities must strengthen their…
2 Retweets 0Read More