IT disaster recovery, cloud computing and information security news

Long-lasting DDOS attacks make a return

The second quarter of 2017 confirmed that long-lasting DDoS attacks are back in business. The longest attack in the quarter was active for 277 hours (more than 11 days) – which is a 131 per cent increase compared to Q1. This is so far a record for the year, says the Q2 2017 botnet DDoS report from Kaspersky Lab.

Duration was not the only distinctive feature of the DDoS attacks between April and June. The geography of incidents has also seen a dramatic change with organizations with online resources located in 86 countries targeted in the second quarter (compared to 72 in Q1). The top 10 most affected countries were China, South Korea, USA, Hong Kong, UK, Russia, Italy, the Netherlands, Canada and France — with Italy and the Netherlands replacing Vietnam and Denmark that were among the top targets in Q1.

Targets of DDoS attacks included one of the largest news agencies, Al Jazeera, Le Monde and Figaro newspaper websites and, reportedly, Skype servers. In the second quarter of 2017, an increase in cryptocurrencies rates also led to cybercriminals trying to manipulate prices through DDoS. Bitfinex, the largest Bitcoin trading exchange, was attacked simultaneously with the launch of trading in a new cryptocurrency called IOTA token. Earlier, the BTC-E exchange reported a slowdown due to a powerful DDoS attack.

The interest of DDoS attack organizers in cash goes beyond manipulating cryptocurrency rates. Using this type of attack to extort money can be beneficial as trends in Ransom DDoS or RDoS demonstrate. Cybercriminals usually send a message to the victim demanding a ransom that ranges from 5 to 200 bitcoins. If the company refuses to pay, attackers threaten to organize a DDoS attack on a critically important online victim resource. Such messages can be accompanied by short-term DDoS attacks to confirm the threats are very real. At the end of June, a large-scale RDoS attempt was made by the group called Armada Collective, who demanded about $315,000 from seven South Korean banks.

However, there is always another way which has become more popular in the last quarter – Ransom DDoS with no DDoS at all. Fraudsters send out threatening messages to a large number of companies in the hope that someone will decide to be better safe than sorry. Demonstrations of attacks may never happen, but if just one company decides to pay, that brings profit with minimal effort from the cybercriminals.

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.