DDoS extortion is not a new trick for the hacker community, but there have been several new developments. Notable among these is the use of Bitcoin as a payment method. DD4BC (DDoS for Bitcoin) is a hacker, or group of hackers, who extort victims with DDoS attacks and demand payment in Bitcoin. DD4BC appears to focus on the gaming and payment-processing industries that use Bitcoin.
In November 2014, the group sent a note to the Bitalo Bitcoin exchange demanding 1 Bitcoin in return for helping the site improve its protection against DDoS attacks. At the same time, DD4BC carried out a small-scale attack to demonstrate the site's weakness to this form of disruption. Bitalo ultimately refused to pay the ransom. Instead, the site publicly accused the group of blackmail and extortion, and offered a bounty of more than $25,000 for information about the identities of those behind DD4BC.
The schemes share several common features. In these extortion campaigns, the hackers:
launch an initial DDoS attack (lasting minutes to hours) to prove that they are capable of taking down the victim's website;
demand payment in Bitcoin, while suggesting that they are really helping the website by pointing out its vulnerability to DDoS;
threaten more severe attacks in the future;
demand a larger ransom as the attack progresses (pay now or pay more later).
These attacks can take down unprotected sites. A recent study by Arbor Networks concluded that the majority of actual DD4BC attacks were UDP amplification attacks abusing UDP-based protocols such as NTP and SSDP. On the spectrum of cyberattacks, a botnet UDP flood is a fairly simple attack that swamps a network with unwanted UDP traffic. These attacks are not technically complex and are made easy by rented botnets, booters, and scripts.
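A defender-side illustration of the amplification pattern described above, added here as an example and not part of the original article: it scans constructed flow records (source, destination, ports, byte and packet counts, as a NetFlow collector or firewall would export) and flags destinations receiving most of their bytes as large UDP packets from many distinct hosts on the NTP and SSDP source ports. The port table, thresholds and sample flows are assumptions chosen for the example.

```python
from collections import defaultdict

# UDP source ports of the reflection services the article names (NTP, SSDP).
AMPLIFIER_PORTS = {123: "NTP", 1900: "SSDP"}

# Constructed flow records, not real traffic:
# (src_ip, src_port, dst_ip, dst_port, proto, bytes, packets)
SAMPLE_FLOWS = [
    # reflected NTP/SSDP responses converging on one victim: large packets, many sources
    ("198.51.100.1", 123, "203.0.113.10", 40000, "udp", 4_400_000, 4000),
    ("198.51.100.2", 123, "203.0.113.10", 40000, "udp", 4_200_000, 3800),
    ("198.51.100.3", 123, "203.0.113.10", 40000, "udp", 3_900_000, 3500),
    ("198.51.100.4", 1900, "203.0.113.10", 40000, "udp", 2_100_000, 2000),
    ("198.51.100.5", 1900, "203.0.113.10", 40000, "udp", 2_000_000, 1900),
    ("192.0.2.7", 51234, "203.0.113.10", 443, "tcp", 180_000, 300),
    # second host: ordinary web traffic plus one legitimate, small NTP reply
    ("192.0.2.8", 52000, "203.0.113.20", 443, "tcp", 950_000, 1200),
    ("198.51.100.9", 123, "203.0.113.20", 123, "udp", 76, 1),
]

def detect_udp_amplification(flows, min_share=0.5, min_reflectors=3, min_avg_pkt=400):
    """Return {dst_ip: finding} for hosts whose inbound traffic looks like reflected amplification.

    A legitimate NTP or SSDP reply is small and comes from one or two servers; amplified
    responses are large and arrive from many reflectors, so all three thresholds must hold.
    """
    stats = defaultdict(lambda: {"total": 0, "amp_bytes": 0, "amp_pkts": 0,
                                 "reflectors": set(), "services": set()})
    for src, sport, dst, _dport, proto, nbytes, pkts in flows:
        s = stats[dst]
        s["total"] += nbytes
        if proto == "udp" and sport in AMPLIFIER_PORTS:
            s["amp_bytes"] += nbytes
            s["amp_pkts"] += pkts
            s["reflectors"].add(src)
            s["services"].add(AMPLIFIER_PORTS[sport])
    findings = {}
    for dst, s in stats.items():
        if not s["amp_pkts"]:
            continue
        share = s["amp_bytes"] / s["total"]          # fraction of bytes from amplifier ports
        avg_pkt = s["amp_bytes"] / s["amp_pkts"]     # mean size of those packets
        if share >= min_share and len(s["reflectors"]) >= min_reflectors and avg_pkt >= min_avg_pkt:
            findings[dst] = {"share": round(share, 2), "reflectors": len(s["reflectors"]),
                             "avg_pkt": round(avg_pkt), "services": sorted(s["services"])}
    return findings

if __name__ == "__main__":
    for dst, f in detect_udp_amplification(SAMPLE_FLOWS).items():
        print(f"possible UDP amplification against {dst}: {f}")
```

On the sample flows only 203.0.113.10 is reported; the single 76-byte NTP reply to 203.0.113.20 stays below every threshold.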
The usual pattern of the DD4BC gang is to launch DDoS attacks targeting layers 3 and 4; if this does not have the desired effect, they move to layer 7, with various types of loopback attacks using POST/GET requests. The initial attack is usually on the order of 10-20 Gbps. This is fairly large, but often well short of the real threat.
If a company does not comply with the demands and does not mitigate the attack through anti-DDoS services, the group will normally move on after 24 hours of sustained attack. But you shouldn't rely on this pattern to manage your cyber security tactics.