Warning from Link11 as Aggressive Fancy Bear DDoS Attackers Return
Fancy Bear extortion emails demand Bitcoin transfers and threaten lengthy, high-volume attacks over 2,000 Gbps, with critical infrastructure providers targeted most
Link11, European leader in cyber-resilience, is warning of a rise in DDoS extortion and large-scale DDoS attacks carried out by blackmailers under the alias ‘Fancy Bear.’
Since August 12th, companies have been receiving extortion emails from a sender using the name ‘Fancy Bear.’ The emails carry the subject line ‘DDoS attacks on your network.’ In the email, the perpetrators demand 15 Bitcoins, which, as of August 19th, is worth almost 150,000 Euros. Based on findings from the Link11 Security Operations Center (LSOC), the blackmail has targeted companies across various industries, although operators of critical infrastructure seem to be increasingly targeted.
This corresponds to the assessment of the World Economic Forum (WEF), which, in its Global Risk Report 2020, found cyberattacks on critical infrastructure operators to be one of the top five global risks, calling them a "new normality".
Repeat Offenders under Prominent Names
In October 2019, the ‘Fancy Bear’ blackmailers threatened DDoS attacks to put pressure on companies in order to obtain Bitcoins. The blackmail emails from last autumn and those from the current wave are largely identical in text. The Bitcoin addresses have been changed so the attackers can check who has paid. According to the email, targeted companies have seven days to transfer the Bitcoins.
Dangerous Combination of High-Volume Attacks and Long Duration
To stress the seriousness of their demands, the blackmailers have been launching warning attacks characterized by very high bandwidths and sustained high intensity. According to the attackers, however, these are only intended to provide a warning of what is to come if the ransom is not paid. If no Bitcoins are transferred, they threaten attacks of over 2,000 Gbps.
Attacks that were successfully fended off by LSOC for critical infrastructure providers reached several hundred Gbps and lasted several hours. The attacks were based on UDP Floods, TCP Floods and SYN Floods. To increase the attack volume, the perpetrators relied on the Reflection Amplification vectors WS-Discovery, DNS, and Apple Remote Control.
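An added example (not Link11's code and not part of the original release): a Python routine that buckets inbound flow records per minute and attributes volume to the vectors named above, using the reflector services' registered UDP source ports (3702 for WS-Discovery, 53 for DNS, 3283 for Apple's remote-management service) and bare-SYN TCP flags. The flow-record format, the addresses and the alert threshold are constructed assumptions.

```python
from collections import defaultdict

# UDP source ports of the reflector services named in the article
# (registered port numbers; they are not taken from the release itself).
REFLECTOR_PORTS = {3702: "WS-Discovery", 53: "DNS", 3283: "Apple remote management"}

# Constructed sample flow records (documentation address ranges):
# epoch_sec proto src_ip src_port dst_ip dst_port tcp_flags bytes
SAMPLE_FLOWS = """\
1597830000 udp 198.51.100.10 3702 192.0.2.50 41000 - 450000000000
1597830020 udp 198.51.100.11 3702 192.0.2.50 41001 - 300000000000
1597830030 udp 203.0.113.5 53 192.0.2.50 5353 - 150000000000
1597830040 udp 203.0.113.9 3283 192.0.2.50 6000 - 75000000000
1597830045 tcp 203.0.113.77 51515 192.0.2.50 443 S 7500000000
1597830070 udp 198.51.100.10 3702 192.0.2.50 41000 - 75000000000
"""

def classify(proto, src_port, flags):
    """Map one flow record to a traffic class by protocol, source port and flags."""
    if proto == "udp":
        # Source-port matching is a heuristic: legitimate DNS replies also come from 53.
        return REFLECTOR_PORTS.get(src_port, "UDP other")
    if proto == "tcp":
        # A bare SYN (no ACK) is normal at low rates; only the volume makes it a flood.
        return "TCP SYN" if flags == "S" else "TCP other"
    return "other"

def summarize(text, window=60):
    """Return {(window_start, dst_ip, traffic_class): average Gbps in that window}."""
    totals = defaultdict(int)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # skip blank or malformed records
        ts, proto, _src, sport, dst, _dport, flags, nbytes = fields
        bucket = int(ts) // window * window
        totals[(bucket, dst, classify(proto, int(sport), flags))] += int(nbytes)
    return {key: total * 8 / window / 1e9 for key, total in totals.items()}

def alerts(rates, threshold_gbps):
    """Keys whose rate meets the (assumed) per-class alert threshold."""
    return sorted(key for key, gbps in rates.items() if gbps >= threshold_gbps)

if __name__ == "__main__":
    rates = summarize(SAMPLE_FLOWS)
    for key in sorted(rates):
        print(key, f"{rates[key]:.1f} Gbps")
    print("alerts:", alerts(rates, threshold_gbps=15))
```

A per-class breakdown like this shows which reflection vector dominates a warning attack, which is what upstream filtering rules are keyed on.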
Advice for Targeted Companies
In view of the aggressive nature of these perpetrators, organizations need to take these threats seriously. As soon as they receive an extortion email, they should proactively activate their DDoS protection solution. If the solution is not designed for high-volume attacks of several hundred Gbps and more, it is important to find out how the company-specific protection bandwidth can be increased in the short term.
It is also important that targeted companies do not respond to the blackmail and instead report the attack to the national or local law enforcement authorities.