Cyber Monday – Make sure YOU show up!

Today is Black Friday, traditionally so named because it was the day on which retail sales moved merchants' balance books from red to black. The Internet and the current Covid-19 crisis have effectively made this annual shopping festival little more than symbolic. The true event will occur in three days with Cyber Monday. Most retailers, however, have already altered their business models, and Black Friday has become Cyber Black Friday, blurring the lines between the two events.

I have previously written about RDDoS, or ransom distributed denial of service. This is a double-punch attack on Internet services that combines a traditional DDoS offensive with a demand for payment to make it stop. What better time to launch such an attack than the days preceding the largest Internet sales event of the year?

Cloudflare recently published its “DDoS Attack Trends for Q3 2020” report. The authors open the report with the claim that “DDoS attacks are surging” and note that the number of attacks they observed doubled compared with Q2.

The report devotes significant space to the emergence of ransom-based DDoS attacks and specifically calls out the threat groups Fancy Bear, Cozy Bear, and Lazarus Group (tracked by CrowdStrike as Stardust Chollima).

The report suggests that many times the attack is never carried out: the threat of a DDoS campaign alone causes enough concern for the victim business to pay the ransom. The authors do not provide documentation to support this assertion, but I believe it is probably true. At a minimum, the attackers launch only a low-level disruption to show the victim that the capability to spoil the biggest shopping day of the year exists. This opens the door for copycat attackers, or even script kiddies, to launch very lucrative campaigns. All a deviant needs is access to moderate computing power and a bitcoin wallet. They need only launch a mild attack that creates a noticeable service disruption and then send a demand letter to the business. How hard is it to copy a demand letter from one of the real threat groups and substitute your own bitcoin wallet address? The victim business has no way of knowing whether it is under attack from a state-sponsored criminal group or from a 19-year-old wannabe hacker who works part-time in the computer lab at his university.
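The "demonstration" traffic described above is short and deliberately visible, so a practical first step for a defender is to be able to recognise it in the site's own access logs and line it up with the arrival of a demand letter. The script below is an added example, not code from the original post or from Cloudflare or any other vendor named here. It parses a constructed set of combined-format web server log lines, groups requests into fixed time windows, and flags a window whose request count jumps well above the rolling baseline and comes from many distinct client addresses (a distributed burst rather than one noisy client). The window size, thresholds, timestamps and sample addresses are all assumptions chosen for illustration; windows with no traffic at all are simply absent and so do not pull the baseline down, which is a simplification.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Combined-log-format prefix: client IP, identd, user, [timestamp], "request", status, size.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def _line(ip, second, path="/"):
    """Build one constructed access-log line at 09:00:<second> UTC on 30 Nov 2020 (assumed date)."""
    return f'{ip} - - [30/Nov/2020:09:00:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'


# Constructed sample (assumption, not real traffic): 30 s of quiet baseline traffic from
# one client, then a 10 s burst of 60 requests spread over six source addresses.
SAMPLE_LOG = [_line("203.0.113.10", sec) for sec in range(0, 30, 5)]
SAMPLE_LOG += [_line(f"198.51.100.{n}", sec) for sec in range(30, 40) for n in range(1, 7)]


def parse_line(line):
    """Return (client_ip, aware datetime) for a combined-format line, or None if it does not parse."""
    m = LOG_LINE.match(line)
    if m is None:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FORMAT)


def bucket_requests(lines, window_seconds=10):
    """Count requests per client IP inside fixed windows keyed by the window's start epoch."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than abort the whole scan
        ip, ts = parsed
        epoch = int(ts.timestamp())
        buckets[epoch - epoch % window_seconds][ip] += 1
    return buckets


def find_bursts(lines, window_seconds=10, baseline_windows=3, factor=5.0, min_sources=5):
    """Flag windows whose volume is at least factor x the mean of the preceding
    baseline_windows windows and that come from at least min_sources distinct clients.
    The first baseline_windows windows serve only as history and are never flagged."""
    buckets = bucket_requests(lines, window_seconds)
    starts = sorted(buckets)  # only windows that actually saw traffic are present
    alerts = []
    for i in range(baseline_windows, len(starts)):
        history = [sum(buckets[s].values()) for s in starts[i - baseline_windows:i]]
        baseline = sum(history) / len(history)
        current = buckets[starts[i]]
        total = sum(current.values())
        if baseline > 0 and total >= factor * baseline and len(current) >= min_sources:
            alerts.append({
                "window_start": datetime.fromtimestamp(starts[i], tz=timezone.utc).isoformat(),
                "total": total,
                "baseline": baseline,
                "sources": len(current),
                "top_sources": current.most_common(3),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_bursts(SAMPLE_LOG):
        print(alert)
```

On the constructed sample the only flagged window is the 09:00:30 one (60 requests against a baseline of 2 per window, six sources). Against a real log the thresholds need tuning to the site's normal traffic shape, and a single-source spike that fails the `min_sources` check is worth a separate, quieter alert, since a copycat with "moderate computing power" may well start from one or two hosts.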

A business owner who receives an RDDoS demand letter has few options. In reality, there is no quick and efficient way to determine who is making the threat or how much damage their infrastructure is capable of inflicting. You can roll the dice and ignore the demand, or pay up and hope the attacker has some sense of honor and won't launch the attack anyway. Of course, paying only shows you are willing to submit, which will result in the attacker coming back for seconds. They always come back.

The best course of action for any business conducting commerce over the Internet is to prepare proactively for such attacks by assessing its risk and mitigation options. Contact your Internet service provider and web hosting provider to see what services they offer. Many include limited DDoS protection as part of business-class subscription plans, and that might be enough to thwart an attack; ask specifically whether that protection is always on or has to be switched on after an attack starts, and test it before the shopping season rather than during it. Larger businesses (the big-game targets) should consider a fully managed DDoS mitigation platform. Several companies offer such services, including Cloudflare, Akamai, and Imperva.

Yes, these services are expensive, but so is paying a ransom. And nothing is more costly than having your business cut off from the world on the busiest shopping day of the year.

#ransomware #cybercrime #cyficrime