The last quarter of 2020 saw a wave of web application attacks that used ransom letters to target companies in various industries. According to Akamai's research, most of these attacks sent more than 200Gbps of traffic to the cybercriminals' targets, as part of an ongoing campaign with higher bits per second (BPS) and packets per second (PPS) than similar DDoS attacks that had occurred a few weeks earlier.
Prior to August, these attacks focused on the gaming industry. However, since August, these attacks have targeted financial institutions and other industries.
According to Akamai, none of the actors involved in these attacks were new, as most of the traffic was generated by reflectors and systems used to amplify traffic. The company said that the use of a common set of protocols to support a DDoS campaign indicates that the cybercriminals are using new tools and configurations, despite the indications that this is an extortion campaign.
However, many organizations have begun to receive targeted e-mails threatening DDoS attacks that would take place if the potential victims refused to pay the demanded ransom. Richard Meeus, director of technology and security strategy at Akamai, said the hackers were conducting a small-scale DDoS attack on the target organization and threatening to carry out a 1Tbps attack if the target did not pay a ransom.
In addition, Meeus pointed out that many DDoS campaigns begin by sending threatening letters to potential victims, without following through with the corresponding actions. By contrast, this campaign has shown in many cases that hackers can make life difficult for a target organization.
While Akamai reported that many of the blackmail messages were "caught" by spam filters, not all targets are willing to admit to receiving emails from intruders. The company said that this blackmail campaign of DDoS attacks is not over, and that the cybercriminals behind it are modifying and evolving their attacks to make them difficult for both victims and law enforcement services to detect.
Richard Meeus said in an online seminar last week that Akamai had seen an increase in daily attacks - from one million in January this year to three million in September - most of them targeting financial services.
This campaign peaked in August and September and culminated, perhaps when the attackers thought they had moderated and began to change their tactics. This included executing three- and four-stage attacks, which typically target data centers, sites, and APIs.
Meeus also pointed out that there was a 200% increase in attacks against web application firewalls. Finally, he noted that DDoS attacks come in waves and that ransom attacks have been going on for several years; Akamai researchers have successfully dealt with the perpetrators, but they keep coming back because the blackmail technique works.