Bitcoin extortionist DD4BC increases attacks on financial services
Wed 9 Sep 2015
Prolific bitcoin extortion group DD4BC has ramped up the rate of its attacks over 2015, using new social tactics specifically to trap financial services companies and tarnish their reputations.
According to a research study from Akamai Technologies, a cloud services and content delivery network (CDN) provider, 114 DD4BC attacks have been recorded since April 2015.
Akamai senior VP and security general manager Stuart Scholly commented: “DD4BC has been using the threat of DDoS attacks to secure Bitcoin payments from its victims for protection against future attacks […] The latest attacks – focused primarily on the financial service industry – involved new strategies and tactics intended to harass, extort and ultimately embarrass the victim publicly.”
The CDN company’s Prolexic Security Engineering and Research team (PLXsert) added that the new methodology included aggressive targeting of the brand’s reputation on social media.
The case study findings showed that the extortionist group was increasingly using multi-vector distributed denial of service (DDoS) attacks against large financial services companies, entertainment sites, online gaming and retail platforms, typically exploiting WordPress vulnerabilities.
DD4BC repeatedly exploits these flaws, revisiting previous targets and incorporating Layer 7 DDoS. The WordPress pingback vulnerability is a particular favourite, used to send reflected GET requests to the target, overloading its website. The group then demands a Bitcoin ransom to protect the company from a larger attack which would crash the site. The average attack bandwidth was 13.34 Gbps, with the largest DDoS attack reported at 56.2 Gbps, according to Akamai.
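For defenders, the reflected pingback GETs described above can be picked out of a web server access log, because a WordPress site verifying a pingback identifies itself in its User-Agent. The following is an added example, not taken from Akamai's report; the combined log format, the threshold, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip - - [time] "request" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# User-Agent a WordPress site sends while verifying a pingback, e.g.
# "WordPress/4.2.2; http://blog.example; verifying pingback from 203.0.113.9"
# (the trailing origin field is absent on older WordPress releases).
PINGBACK_UA_RE = re.compile(
    r'^WordPress/[^;\s]+; (?P<site>https?://[^;\s]+)'
    r'(?:; verifying pingback from (?P<origin>[0-9a-fA-F.:]+))?$'
)

def _line(ip, ts, ua):
    """Build one constructed access-log line (hypothetical helper)."""
    return '%s - - [09/Sep/2015:%s +0000] "GET / HTTP/1.0" 200 5120 "-" "%s"' % (ip, ts, ua)

# Constructed sample: documentation address ranges and made-up site names.
UA = "WordPress/4.2.2; http://{}.example; verifying pingback from 203.0.113.9"
SAMPLE_LOG = [
    _line("198.51.100.10", "10:15:01", UA.format("blog-a")),
    _line("198.51.100.11", "10:15:02", UA.format("blog-b")),
    _line("198.51.100.12", "10:15:02", UA.format("blog-c")),
    _line("198.51.100.10", "10:15:03", UA.format("blog-a")),
    _line("192.0.2.77", "10:15:04", "Mozilla/5.0 (X11; Linux x86_64)"),
    _line("198.51.100.13", "10:16:10", UA.format("blog-d")),  # lone, likely genuine pingback
]

def pingback_flood_minutes(lines, min_reflectors=3):
    """Return per-minute stats for minutes in which at least min_reflectors
    distinct WordPress sites sent pingback-verification GETs."""
    buckets = defaultdict(lambda: {"hits": 0, "reflectors": set(), "origins": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "GET":
            continue
        ua = PINGBACK_UA_RE.match(m["ua"])
        if not ua:
            continue  # ordinary client, not a WordPress reflector
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        b = buckets[ts.strftime("%Y-%m-%d %H:%M")]
        b["hits"] += 1
        b["reflectors"].add(ua["site"])
        if ua["origin"]:
            b["origins"].add(ua["origin"])  # address that asked the reflector to ping
    return {k: v for k, v in buckets.items() if len(v["reflectors"]) >= min_reflectors}
```

Minutes returned by `pingback_flood_minutes` are candidates for rate limiting or blocking on the pingback User-Agent at the edge; the threshold needs tuning for sites that legitimately receive many pingbacks.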
Target companies have been confirmed in various locations including Australia, Switzerland and New Zealand.
Since 2014, DD4BC has been the primary suspect behind a series of DDoS attacks against bitcoin mining pools including AntPool, GHash.io and NiceHash, as well as digital currency exchange Bitalo, which has a bounty fund of B110.0000 (approx. £17,000) for the proven identity of the blackmailer.