#EdgeLive: DDoS Attacks Are Evolving into Extortion-Led RDoS Campaigns

Speaking as part of the Akamai Edge Live virtual conference, Akamai CEO Tom Leighton said cybersecurity may have become less of a consideration during the pandemic, but the level of attack the company has witnessed suggests the threat has not abated.

Leighton spoke of “an enormous increase in the number of attacks, the size of the attacks and the sophistication of the attacks.” In particular, Leighton highlighted the increased size of DDoS attacks, with one case reaching 1.5Tbps.

He said: “An attack of that volume is enough to saturate links into most countries; that is enormous, and big enough to take out any cloud data center.” Leighton also said a large number of financial services are being hit, with one example of 800 million packets per second “and you can imagine trying to fend off an attack of that scale, there is no way you can do that on your own, and no way your carrier is going to do that for you.”

He went on to highlight what he called “ransom DDoS attacks, or extortion attacks” where a demand requires you to pay some cryptocurrency, or you will be hit with a massive DDoS attack.

Roger Barranco, vice-president of global security operations at Akamai, explained that these types of attacks are different from ransomware. “Many businesses did receive extortion letters, and these letters are typically not shared publicly,” he said, showing one redacted example threatening an attack.

“Once a business is hit with a multi-vector threat campaign, particularly where the attack patterns match those used by several well-known extortion groups, it is clearly cause for alarm.”

Barranco said that, in the case highlighted, the attackers had identified which company they were going after and who to send the extortion letter to, and went beyond traditional internet services to also target customer office buildings. “Typically any site that had a router connected to the internet was at risk,” he said.

“The fact is, there is no way for 99.9% of the world’s enterprises to defend against a determined attacker once the malicious traffic reaches their infrastructure. These attacks must be effectively fought near the attacker, far away from your network.”

Barranco also said that RDoS attack vectors are not unique, so attributing them to a campaign is difficult.
