The Internet Crime Complaint Center (IC3) has issued an alert regarding an increasing number of complaints from businesses hit by Distributed Denial of Service (DDoS) extortion campaigns via email. The FBI said it suspects multiple individuals are involved in these ransom plots.

In a typical extortion campaign, the targeted business receives an email threatening a DDoS attack on the company's website unless it pays a ransom. Ransoms, which are usually demanded in Bitcoin, vary in amount.

The FBI, which established the IC3 in partnership with the National White Collar Crime Center, warned that the attacks are likely to expand to online industries and other sectors, especially those susceptible to suffering financial losses if they are taken offline.

According to the cybersecurity intelligence firm LIFARS, DDoS attacks overwhelm targeted websites with bogus traffic, preventing legitimate users from accessing the website. Businesses that rely on online sales and other types of web-based services are at risk of losing money after such an attack.

Victims that do not pay the ransom receive a subsequent, threatening email claiming that the ransom will significantly increase if the victim fails to pay within a given timeframe. Some businesses reported implementing DDoS mitigation services as a precaution.

Threats range from disrupting a firm's website so that customers cannot access it to notifying victims that the criminals will release personal data, which they obtain by hacking into the firm's database.

Businesses that experienced a DDoS attack reported that the incidents consisted primarily of Simple Discovery Protocol and Network Time Protocol reflection/amplification attacks, with an occasional SYN flood and, more recently, a WordPress XML-RPC reflection/amplification attack. The attacks typically lasted one to two hours, with 30 to 35 gigabytes as the physical limit.

DDoS attacks are becoming increasingly potent and are some of the most frequent types of cybersecurity incidents – 18% of respondents cited the attacks in a U.S. State of Cybercrime Survey, a collaborative effort between PwC, CSO, the CERT Division of the Software Engineering Institute at Carnegie Mellon University and the U.S. Secret Service.

A Verisign report also found that DDoS attacks against the financial services industry doubled during Q4 2014 to account for 15% of all attacks. During Q1 2015, 18% of DDoS attacks took place within the financial services industry.


Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).