Akamai Diversity

The Akamai Blog

Don't Let DDoS Extortionists Deliver a KO Punch

Since mid-August, a variety of threat actors (and copycats alike) have been targeting organizations across all industries globally, threatening impending DDoS attacks unless Bitcoin is paid out. It's apparent, as the campaign rages on, that some businesses must be paying the extortion demands, -- incentivizing the criminal activity. Others are procuring emergency DDoS defenses in order to withstand bandwidth-busting attacks and keep internet-facing infrastructure protected. As highlighted in our last blog, we've been busy ramping customers on to our DDoS mitigation platforms for rapid protection before the threat actors strike again. And based on recent activity, they desire a rematch.

What to Keep in Mind to Deliver a Counterpunch and Avoid an Extortion Payday

Round I: Come out swinging

In many cases, organizations had a WAF in place that was able to deflect some of the malicious DDoS traffic, but it wasn't enough to keep services and applications available and performing in an optimal manner against sustained attack jabs. The threat actors even pivoted from targeting web properties to origin backend infrastructure and DNS servers, taking down services completely.  DDoS defense today requires that businesses take a holistic approach to deploying security controls across web, DNS, and internet-based services and applications for end-to-end protection.

Round 2: Have a good corner man

With the latest extortion campaign, the attackers were thorough in their reconnaissance of customer environments and IP space, carefully selecting who and what to target for maximum disruption. While many businesses had DDoS mitigation solutions in place to protect mission-critical infrastructure, many didn't have defenses to protect disaster recovery sites or locations that housed more internal-facing, "corporate" services. When the criminal actors targeted these locations, it didn't take long for organizations to feel the blow of not having employee email and intranet available, which severely impacted employee productivity and customer service.

Round 3: Fight back like a champ

Time and time again, businesses reached out to us when their carrier-based DDoS solutions blackholed traffic without warning or degraded services too severely by dropping legitimate traffic during active mitigation. Today's threat actors have a robust arsenal of inexpensive toolkits and techniques to launch business disrupting DDoS attacks. Faced with threats fueled by increasingly common Gigabit internet speeds and the growing number of vulnerable IoT devices, many DDoS solutions cannot effectively combat today's volumetric attacks with high quality of mitigation. The time to engage the anti-DDoS heavyweight champs is now. 

Don't Find Yourself Down and Out

With a growing cast of criminal characters making the rounds again, does your DDoS mitigation provider have the stamina to go the distance? The overwhelming majority of our emergency integration customers that received an extortion email and subsequent attack were not hit again once DDoS defenses were in place -- a clear sign that the criminals moved on to vulnerable targets. And industries and verticals that are not typically considered to be at high risk of DDoS attacks are being impacted by the campaign, with many now deploying controls as an insurance policy and viewing the investment as the new cost of doing business. At the end of the day, DDoS extortionists will take the path of least resistance to get a shot at the title. Are you prepared to defend it?

Check out our DDoS Extortion Battle Plan for proactive tips on how to improve your defensive posture or click here to register for a custom threat briefing. If you are currently under attack or threat of extortion, reach out to the Akamai DDoS hotline, 1-877-425-2624, for immediate assistance.

For more technical details and additional resources, please see the following blog posts:  

DDoS Extortion Examination

Unprecedented Levels of Ransom DDoS Extortion Attacks

Ransom Demands Return: New DDoS Extortion Threats from Old Actors Targeting Finance and Retail