Stresser/Booter Services Fuel DDoS ExtortionCybercrime Services Plus Social Engineering Equals Payday, Akamai Warns
While police continue to arrest distributed denial-of-service attack extortion suspects, such attacks have nevertheless continued.
See Also: IoT is Happening Now: Are You Prepared?
One such arrest occurred in December 2015, when police in Bosnia and Herzegovina collared two individuals suspected of being involved in the high-profile extortion group DDoS for Bitcoin (see Europol Announces DD4BC Arrests). Many security experts suspect that DD4BC members also launched attacks using the "Armada Collective" moniker.
But other criminals have been moving in to exploit related shakedown opportunities, using attacks and tactics that may have no outwardly different appearance (see Akamai: Beware of Copycat Extortionists).
"Since [the arrests], there's also been a wave of copycats, who send letters that are either very similar or exactly the same as what 'DD4' and Armada were sending," says Martin McKeay, a senior security advocate at Akamai. "But most of these copycats either don't have the capabilities of the attacks, which were at most 50 gigabits, or they just don't have any capability, and they hope that people cave in and pay them some money and they walk away having done nothing other than sending a threatening email."
The façade is easy to maintain, McKeay says, because attackers can inexpensively rent so-called stresser or booter services to temporarily disrupt targets, as a taster, while threatening to make the disruptions a long-term affair (see How Do We Catch Cybercrime Kingpins?).
From a victim's standpoint, however, experts warn that giving any money to attackers can lead to criminals coming back and demanding more (see Cyber Extortion: Fighting DDoS Attacks).
In this interview with Information Security Media Group conducted at the Infosec Europe conference in London, McKeay describes:
- The latest DDoS extortion tactics;
- How stresser/booter services are becoming increasingly commoditized;
- Best practices for defending against DDoS attacks.
McKeay is a member of Akamai's security intelligence team. Previously, he was a senior consultant at both Verizon Business and TrustWave, a product evangelist at StillSecure and a PCI quality security assessor and incident responder. He's a frequent speaker at information security conferences, having delivered presentations at AusCERT, BSides San Francisco, Hong Kong InfoSecurity Summit and RSA.
Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.