in

DDoS attacks that come combined with extortion demands are on the rise

There’s been a significant rise in distributed denial-of-service (DDoS) attacks accompanied by threats of extortion, with criminals demanding ransom payments in exchange for calling off an attack.

DDoS attacks pose problems for organisations when attackers flood servers and online infrastructure which requests for access, slowing down services or taking them fully offline, thus preventing legitimate users from accessing services at all – and cutting off business for the affected organisation.

While they’re not an especially advanced form of cyber attack, DDoS attacks still prove to be effective and cybersecurity researchers at Cloudflare have warned that some of the cyber criminals behind DDoS campaigns are becoming more prolific and more aggressive.

This includes large rise in the number of ransom DDoS attacks – when cyber criminals demand a ransom to stop a DDoS attack or to not conduct one in the first place. According to Cloudflare, ransom DDoS attacks increased by almost a third year-on-year between 2020 and 2021 and jumped  by 175% in the final quarter of 2021 compared to the previous three months. 

This included large-scale ransom DDoS attacks on voice over IP (VoIP) service providers. 

SEE: A winning strategy for cybersecurity (ZDNet special report) 

According to a survey by Cloudflare, just over one in five DDoS attacks was accompanied by a ransom note from the attacker during 2021. In December – a prime time for online retailers in the run up to Christmas, one in three of the organisations surveyed said they’ve received a ransom letter relating to a DDoS attack.

Targets on the receiving end of DDoS attacks can commonly include online retailers, online local governments, cloud-based business applications, streaming services and online games.

“Over the years, it has become increasingly easier for attackers to launch DDoS attacks,” researchers warned in the blog post.

There are number of steps organisations can take to avoid disruption as a result of DDoS attacks; these include using cloud-based hosting providers, deploying IP stresser services to test bandwidth capabilities and employing a DDoS mitigation service.

MORE ON CYBERSECURITY


Source: Information Technologies - zdnet.com

Microsoft: This macOS bug could bypass controls and access private user data

CISA adds 15 exploited vulnerabilities from Google, IBM, Microsoft, Oracle and more to catalog