Akamai Diversity

The Akamai Blog

DD4BC Escalates Attacks

DD4BC, a malicious group responsible for several Bitcoin extortion campaigns last year, is expanding its extortion and distributed denial of service (DDoS) campaigns. In recent days, Akamai has had to protect a growing number of customers from these attacks.

Researchers from Akamai's PLXsert and CSIRT teams continue to research DD4BC's threats and attack activity, and this afternoon released a new bulletin to Akamai customers through the company's Luna portal and Akamai Community.
Over the past week, several customers have received ransom emails from this band of chaotic actors. DD4BC continues to inform victims that they will launch a DDoS attack of 400-500 Gbps against them. To date, however, DD4BC attacks mitigated by Akamai haven't measured more than 15-20 Gbps.

Based on the latest attacks launched and the IPs correlated, we were able to identify over 1400 IPs most likely coming from booter-stresser sites. The growing number of industries under threat include the following:

  • Payment Processing
  • Banking & Credit Unions
  • Gambling
  • Oil & gas
  • E-Commerce
  • High Tech Consulting/Services
Akamai believes that the best defense against any potential security vulnerability or DDoS threat includes a proactive strategy of educating oneself on the types of attacks, the mindset of the attackers, and the pros and cons of each type of attack mitigation service or provider. Cyber threats are evolving dramatically and technology advancements allow for more sophisticated cyber attacks at a more economical rate to the malicious actor.

Customers: What you can do

The Akamai Security Operations Center is open 24/7, and our vast cloud-based mitigation platform is ready to respond. However, there are some proactive steps you can take:

  • Review your playbook with IT and security staff to ensure you are prepared and know what to do in the event of an attack.
  • Ensure all contact numbers and email addresses for key staff have been updated and are correct.
  • Ensure all critical staff are available - if staff are on vacation or absent due to sickness, make sure their responsibilities are covered by others.
  • Stay in close contact with the Akamai SOC and check the Akamai Community Security page for updates: https://community.akamai.com/community/cloud-security/security-research-and-intelligence
Companies also need to:
  • Make Security Incident preparation a corporate-wide initiative.
  • Keep IT management in the loop about potentially controversial corporate dealings or policies with social justice or political overtones.
  • Stay informed about Security Vulnerabilities/ DDoS attack trends.
  • Validate your mitigation service.
  • Create and test your Security playbook.
  • Monitor social media.
  • Monitor corporate-sponsored social media pages, blogs and message boards for inflammatory postings by customers and employees.
  • The target of an attack might not be the company itself, but rather the author of a specific blog post or message, and the company could be brought down in the crossfire.
  • Don't ignore threats.
  • Don't ignore e-mails, texts, and other communication that make extortion or blackmail threats.
  • Alert IT and your Security services provider that the company has become a live target and take defensive action.
  • Pay attention to threatening emails and phone calls.
  • Alert law enforcement.

Leave a comment