DDoS Extortion Hack: A New Threat Emerges on the Internet

The cyber security landscape keeps producing new threats, and there is a new kind of hack to look out for: the DDoS extortion threat.

The cyber world has seen plenty of well-established ransomware and DDoS hacks, but in the recent past a new method has blended components of both, giving rise to DDoS extortion attacks.

Industry experts who have studied these attacks so far feel that the entire process follows a very professional approach. At first, the target receives an email explaining who the hackers are and linking to recent blog posts about their extortion methods. The email demands a specific fee (anywhere from 40 Bitcoin to hundreds), failing which a vast DDoS hack will be initiated. In other cases, the email arrives only after the hack has been initiated, demanding either a ransom to stop the attack or a part of the demand to reduce its severity.

Some of these attacks begin slowly but scale up considerably (up to 400-500 Gbps). Though such hacks are usually not that strong, they might last for up to eighteen hours, which is long enough to seriously affect any business.

As of now, DDoS extortion attacks don’t seem to target any particular industry, though the general theme is that they appear to target businesses that depend on online transactions to function, like currency exchanges or financial institutions.

Experts who’ve been studying these attacks say that the hackers could be using the extortion component just as a diversion: the customer focuses on the high-volume volumetric hack while the hackers are really aiming at a local application with a completely different intent. In other words, the offenders could be targeting local applications and attempting some kind of entry into the app itself. Their aim is then not to disrupt a service or website, but to enter the application and steal confidential details like financial details, credentials or personal data.
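One way a defender could check for the diversion scenario described above, as an added example that is not from the original article: it reviews application events that fall inside a volumetric-attack window and flags logins after repeated failures and bulk exports from sources not seen earlier. The event names, the threshold and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime

def _t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample data: one volumetric alert window, as an anti-DDoS service
# might report it, and application auth/audit events (documentation-range IPs).
DDOS_WINDOWS = [(_t("2024-01-10 02:00"), _t("2024-01-10 08:00"))]
APP_EVENTS = [  # (time, source IP, event name); event names are hypothetical
    (_t("2024-01-09 14:05"), "198.51.100.7", "login_ok"),
    (_t("2024-01-10 02:31"), "203.0.113.9", "login_fail"),
    (_t("2024-01-10 02:32"), "203.0.113.9", "login_fail"),
    (_t("2024-01-10 02:33"), "203.0.113.9", "login_fail"),
    (_t("2024-01-10 02:34"), "203.0.113.9", "login_ok"),
    (_t("2024-01-10 02:40"), "203.0.113.9", "bulk_export"),
    (_t("2024-01-10 03:10"), "198.51.100.7", "login_fail"),
    (_t("2024-01-10 03:11"), "198.51.100.7", "login_ok"),
    (_t("2024-01-10 09:30"), "198.51.100.7", "bulk_export"),
]

def in_window(ts, windows):
    return any(start <= ts <= end for start, end in windows)

def diversion_findings(events, windows, fail_threshold=3):
    """Flag app-layer activity during a DDoS window that looks like intrusion."""
    seen_before = set()  # sources already active outside any DDoS window
    fails = {}           # failed logins per source since its last success
    findings = []
    for ts, src, event in sorted(events):  # process in chronological order
        if not in_window(ts, windows):
            seen_before.add(src)
            continue
        if event == "login_fail":
            fails[src] = fails.get(src, 0) + 1
        elif event == "login_ok":
            if fails.get(src, 0) >= fail_threshold:
                findings.append((src, "login after repeated failures", ts))
            fails[src] = 0
        elif event == "bulk_export" and src not in seen_before:
            findings.append((src, "bulk export from new source", ts))
    return findings

if __name__ == "__main__":
    for src, reason, ts in diversion_findings(APP_EVENTS, DDOS_WINDOWS):
        print(f"{ts:%Y-%m-%d %H:%M}  {src}  {reason}")
```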

Many targets may just assume the email to be spam and ignore it, but that is not advisable from a security standpoint. Instead, targets should consider mitigating the hack. Mitigation is possible using a combination of cloud-based and on-premises anti-DDoS security technologies. Through a hybrid approach, companies can mitigate hacks that are launched externally and also deal with local-level hacks that target the application layer.

Cloud-oriented technologies are effective at stopping DDoS hacks up to 500 Gbps. On-premises technologies can be used to stop application-level and local network hacks, which might occur if the DDoS is just a diversion tactic. As a result, relying on just one of these wouldn’t work; rather, a hybrid approach is the best way to defend your business from cyber criminals and hackers.