Cyber Extortion: The hidden risks of connecting your business to raw Internet feeds

DDoS attacks are at the forefront of cybersecurity issues today. Having evolved since the early days of Denial of Service attacks, today’s threats are more sophisticated, multidimensional, and designed to take down online services and quickly as possible. Popularised by hacktivist groups such as Anonymous and Izz ad-Din-al-Qassam Cyber Fighters as a form of political protest, DDoS has become an attack vector that is no longer a minor nuisance, but a serious threat.  The most often reported reason for a DDoS attack is hacktivism, but one of the more insidious motivations is that of cyber extortion.  Cybercriminals have found that threatening organizations with DDoS attacks unless they pay a ransom is an increasingly effective way to earn money.

What is particularly problematic about DDoS attacks is that they are increasing in power and sophistication year-on-year.  Initially, they were often perpetrated by bedroom hackers and were relatively easy to combat with traditional security devices, but they have now become so sophisticated that traditional security solutions, even next-generation firewall technologies are not designed to protect against these attacks.

Cybercriminals are smart.  They understand the value of businesses operating online and target those companies that rely heavily on the Internet for the success of their operation.

The current issue with assessing the threat of cyber extortion is that it often goes unreported, which is concerning, but at the same time understandable. There are many companies that are not likely to disclose such incidents unless required by law.  For many, it seems that the more expedient option, as they see it, is to quietly pay the ransom demand rather than publicly disclose the issue.  They would prefer to avoid the associated negative publicity and brand degradation.  With that in mind, it is very difficult to estimate the true extent of the problem, yet it is an issue that appears to be gaining momentum based upon the number of businesses now seeking guidance or protection.

Cybercriminals understand the dynamics of consumer brand loyalty to online services.  If they can’t access their preferred website they may head to a competitor’s site to conduct their transaction, or even question the viability of that preferred company due to the poor experience.  It is estimated that a business suffering a DDoS attack lasting just a few hours can see an impact on revenue that exceeds £100,000 for a single incident.

Some organizations may consider paying a DDoS ransom as a cost of doing business online.  The threat of a DDoS attack is usually timed for maximum effect and the attackers look to justify the size of the ransom demand based on the potential financial impact of a sustained and successful DDoS attack.  In other cases, the ransom is an initial test to gauge how far the company would go to stop the onset of an attack.  The more common ransom amounts tend to be relatively low for businesses, compared to the potential losses a DDoS attack could cause, meaning companies are often tempted to view this as a nuisance and just pay up.  Of course, for companies that pay the ransom, there is no guarantee the attack will cease, and most certainly it won’t prevent future attacks.

Businesses that understand the risk associated with a DDoS attack are implementing the first line of defense approach for protecting online services, defeating the problem at the very edge of the raw Internet connection.   On the other side of that coin, we still find that many organizations continue to rely on traditional security solutions, like firewalls, IPS’ WAF’s, etc., to bear the brunt of the attacker’s network traffic. These devices provide little protection as they are simply not designed to deal with these types of attacks.

With DDoS attacks and cyber threats constantly evolving there is increasingly a need to inspect, analyze and respond to all types of traffic before reaching critical resources deeper in the network; allowing businesses the ability to operate without noticeable service degradation while under attack. Simply put, revenue-generating online activity can continue seamlessly with the first line of defense protecting the network infrastructure from DDoS attacks and cyber threats.