Warning of Serious DDoS Blackmail Campaigns Attributed to Fancy Bear Group
Since mid-October 2019, companies in the payment, entertainment and retail sectors have been receiving DDoS extortion and blackmail emails which claim to come from the Fancy Bear cyber espionage group. The Link11 Security Operation Center is warning organizations about the DDoS attacks launched by these perpetrators, which primarily target the Origin infrastructure of the companies.
Since mid-October, companies targeted in this extortion campaign have been receiving emails saying: "We are the Fancy Bear and we have chosen XXX as target for our next DDoS attack." While the perpetrator or perpetrators claim to be from Fancy Bear, they have little in common with the Russian hacker group that is believed to have attacked the internal network of the Bundestag in 2014/2015. But
The blackmailers are directing their extortion attempts against organizations in the payment, entertainment and retail sectors. They demand 'protection money' of 2 Bitcoin (equivalent to approx. 14,200 euros, as of 23 October 2019). If payment is not received, they launch an initial warning attack and tell victims that they have between 2 and 4 days to pay. If no payment arrives at the specified Bitcoin address, another attack is launched against the victim. The extortion e-mails contain victim-specific Bitcoin addresses.
The wording of the extortion emails closely resembles the protection-money demands made by DDoS blackmailers in spring 2016, who, under the name Kadyrovtsy, attacked several banks and online marketing companies. Read the full extortion mail.
Large-Volume Attacks Use New DDoS Vectors
Unlike many DDoS blackmail imitators who merely bluff, this group claiming to be Fancy Bear does not stop at extortion mails. The perpetrator(s) underline the seriousness of their demands with warning attacks of up to 60 Gbps. In these long-lasting demonstration attacks, the attackers use not only the well-known reflection amplification vectors DNS, NTP and CLDAP, but also two new attack techniques: WS Discovery and Apple Remote Control.
Origin Infrastructure under Attack
A notable feature of these attacks is that they are not aimed at the target organization's homepage, but at areas of the corporate IT infrastructure which are often inadequately protected, for example origin IP addresses and origin servers. Even companies that have implemented DDoS protection can be defenceless against such attacks if the protection only covers the public domain. Only a Site Shield prevents direct access to the company's Origin infrastructure and protects the origin of websites and applications from being overloaded by DDoS attacks.
Recommended Protective Action: Secure the Origin Server
LSOC advises all companies to check whether their existing DDoS protection covers subdomains and their Origin infrastructure in addition to the main domain name. Furthermore, the IP address of the origin server should not be directly reachable from the Internet. It is recommended that a Site Shield is implemented for this purpose.
In order to protect the IT infrastructure as a whole, it is important to check all traffic for DDoS attacks and filter it if necessary. Despite Site Shield and good firewall solutions, perpetrators can attack the infrastructure directly and exhaust the bandwidth.
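As an added illustration of the check recommended above (example code written for this page, not Link11's own tooling; the hostnames, addresses and prefixes are constructed samples), the following script takes a DNS inventory of a company's hostnames and flags every record that points past the Site Shield straight at origin address space, which is exactly the exposure these attacks look for:

```python
import ipaddress

# Constructed sample: hostnames of one company and the addresses they resolve to
# (assumed values, not taken from the advisory).
RESOLVED = {
    "www.example.com": ["203.0.113.10"],       # behind the shield
    "api.example.com": ["203.0.113.11"],       # behind the shield
    "staging.example.com": ["198.51.100.7"],   # forgotten subdomain pointing at the origin
    "origin.example.com": ["198.51.100.7"],    # origin published in DNS
    "mail.example.com": ["198.51.100.25"],     # same origin network, direct
    "cdn-test.example.com": ["192.0.2.5"],     # neither shield nor known origin
}

# Constructed sample: address space announced by the DDoS protection / Site Shield.
SHIELD_PREFIXES = ["203.0.113.0/24"]

# Constructed sample: the company's own origin infrastructure.
ORIGIN_PREFIXES = ["198.51.100.0/24"]


def _nets(prefixes):
    """Parse CIDR strings into network objects once."""
    return [ipaddress.ip_network(p) for p in prefixes]


def classify(ip, shield_nets, origin_nets):
    """Return 'shielded', 'exposed-origin' or 'unknown' for one address."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in shield_nets):
        return "shielded"
    if any(addr in net for net in origin_nets):
        return "exposed-origin"
    return "unknown"


def find_exposed_origins(resolved, shield_prefixes, origin_prefixes):
    """List (host, ip, verdict) for every record that bypasses the shield.

    'exposed-origin' records reveal the origin directly; 'unknown' records
    point somewhere outside both ranges and need manual review.
    """
    shield_nets, origin_nets = _nets(shield_prefixes), _nets(origin_prefixes)
    findings = []
    for host in sorted(resolved):
        for ip in resolved[host]:
            verdict = classify(ip, shield_nets, origin_nets)
            if verdict != "shielded":
                findings.append((host, ip, verdict))
    return findings


if __name__ == "__main__":
    for host, ip, verdict in find_exposed_origins(RESOLVED, SHIELD_PREFIXES, ORIGIN_PREFIXES):
        print(f"{verdict:15} {host:25} {ip}")
```

In practice the inventory comes from the organization's authoritative zone files or a resolver sweep of its subdomains, and any 'exposed-origin' hit means the origin should be moved behind the shield and its address restricted at the firewall to the provider's ranges.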
The attacked companies should under no circumstances respond to the extortion and instead file a complaint with the law enforcement authorities.