Rise of bitcoin extortionist group threatens HK banks says Akamai

Some regional banks in Hong Kong have been preyed upon by a bitcoin extortionist group known as DD4BC, according to Akamai Technologies.

“In Asia, we saw the initial round of activity by DD4BC in Australia and New Zealand. We have seen it in Hong Kong with some of the regional banks. We are also seeing it happening in South Korea and Japan,” said John Ellis, chief strategist for cyber security, Asia Pacific and Japan at Akamai.

DD4BC started in North America a year ago and has been threatening to launch DDoS attacks on corporate servers to disable their targets unless a bitcoin ransom is paid. According to Akamai, initial demands average 10-20 bitcoin, but ransom demands have ranged from as little as 1 bitcoin to as much as 100 bitcoins. The current exchange rate is approximately US$230 per bitcoin. There is no clear rationale for why a specific amount is requested.

To date, the banking sector is its biggest focus although it has expanded its sights to other vertical markets as well.

Between September 2014 and August 2015, Akamai’s Prolexic Security Engineering & Research Team (PLXsert) mitigated a total of 141 confirmed DD4BC attacks against Akamai customers. Of those attacks, the average bandwidth was 13.34 Gbps, with the largest DDoS attack recorded at 56.2 Gbps.

“We have different things that we can do at the edge of the Internet [to mitigate the DDOS attack] so that there is no impact in the backend. The customer’s environment continues to operate irrespective of the fact that they are under attack,” Ellis said. Akamai is deployed on over 200,000 edge servers in over 100 countries.

More aggressive attacks

As DD4BC is starting to flex its muscles in markets outside North America and Europe, Akamai is warning companies in Hong Kong to brace themselves against more aggressive tactics from the extortionist group.

“The latest attacks – focused primarily on the financial services industry – involved new strategies and tactics intended to harass, extort and ultimately embarrass the victims publicly,” Stuart Scholly, senior vice president and general manager of the security division at Akamai, said in a statement.

According to research from PLXsert, DD4BC recently threatened to expose targeted organizations via social media, adding to the damage caused by the DDoS attack itself. The goal apparently is to garner more attention for the group’s ability to create service disruptions by publicly embarrassing the target and tarnishing the company's reputation through these wide-reaching channels.

The group’s methodology typically includes use of multi-vector DDoS attack campaigns, revisiting former targets and also incorporating Layer 7 DDoS in multi-vector attacks, specifically concentrating on the WordPress pingback vulnerability. This vulnerability is exploited to repeatedly send reflected GET requests to the target to overload the website.

Akamai researchers have seen this attack method incorporated into DDoS booter suite frameworks.
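From the defender's side, the pingback reflection traffic described above has a recognisable fingerprint in a web server's access log: every request arrives from a different, otherwise legitimate WordPress site, carries the User-Agent string WordPress uses when it verifies a pingback ("WordPress/<version>; <site URL>; verifying pingback from <ip>"), and usually has a random query string to defeat caching. The following script is an added example, not code from the article or from Akamai; it parses constructed combined-format log lines (the IPs, blog names and timestamps are made up) and flags a flood when more distinct WordPress "reflectors" than a hypothetical threshold (`min_reflectors`) hit the site.

```python
"""Detect WordPress pingback reflection floods in web-server access logs.

Added example (not code from the article or from Akamai). It assumes the
Apache/nginx combined log format and relies on one documented WordPress
behaviour: while verifying a pingback, WordPress fetches the claimed source
URL with a User-Agent of the form
"WordPress/<version>; <site-url>; verifying pingback from <ip>".
"""
import re
from collections import Counter

# One combined-format access-log line: client, timestamp, request, status, size, referrer, UA.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# The User-Agent WordPress sends while verifying a pingback.
PINGBACK_UA_RE = re.compile(
    r'^WordPress/(?P<version>[^;]+); (?P<site>[^;]+); '
    r'verifying pingback from (?P<claimed_src>\S+)$'
)

# Constructed sample log (not real traffic): five distinct WordPress sites,
# one of them twice, all "verifying" a pingback against this server with
# random query strings, plus one ordinary browser request.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Sep/2015:10:00:01 +0800] "GET /?8173 HTTP/1.0" 200 51234 "-" "WordPress/4.2.2; http://blog-a.example; verifying pingback from 198.51.100.7"
203.0.113.11 - - [10/Sep/2015:10:00:01 +0800] "GET /?2241 HTTP/1.0" 200 51234 "-" "WordPress/4.3; http://blog-b.example; verifying pingback from 198.51.100.7"
203.0.113.12 - - [10/Sep/2015:10:00:02 +0800] "GET /?9920 HTTP/1.0" 200 51234 "-" "WordPress/4.1.1; http://blog-c.example; verifying pingback from 198.51.100.7"
203.0.113.10 - - [10/Sep/2015:10:00:02 +0800] "GET /?1100 HTTP/1.0" 200 51234 "-" "WordPress/4.2.2; http://blog-a.example; verifying pingback from 198.51.100.7"
203.0.113.13 - - [10/Sep/2015:10:00:02 +0800] "GET /?4471 HTTP/1.0" 200 51234 "-" "WordPress/4.2; http://blog-d.example; verifying pingback from 198.51.100.7"
192.0.2.44 - - [10/Sep/2015:10:00:03 +0800] "GET /index.html HTTP/1.1" 200 8123 "-" "Mozilla/5.0 (Windows NT 6.1) Gecko/20100101 Firefox/40.0"
203.0.113.14 - - [10/Sep/2015:10:00:03 +0800] "GET /?6630 HTTP/1.0" 200 51234 "-" "WordPress/4.3.1; http://blog-e.example; verifying pingback from 198.51.100.7"
"""


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def pingback_fields(user_agent):
    """Return version/site/claimed source if the UA is a WordPress pingback check, else None."""
    m = PINGBACK_UA_RE.match(user_agent)
    return m.groupdict() if m else None


def analyze(log_text, min_reflectors=3):
    """Summarise pingback-verification traffic and flag a reflection flood.

    A genuine pingback is verified by one blog, once. Many distinct WordPress
    sites all verifying pingbacks against the same target in a short window,
    each with a random query string, is the reflected-GET pattern the article
    describes. The threshold is a hypothetical tuning value.
    """
    total = pingbacks = cache_busting = 0
    reflectors = Counter()        # WordPress sites doing the fetching
    claimed_sources = Counter()   # the IP each site says submitted the pingback
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        total += 1
        pb = pingback_fields(rec["ua"])
        if pb is None:
            continue
        pingbacks += 1
        reflectors[rec["client"]] += 1
        claimed_sources[pb["claimed_src"]] += 1
        if "?" in rec["path"]:
            cache_busting += 1
    return {
        "total_requests": total,
        "pingback_requests": pingbacks,
        "distinct_reflectors": len(reflectors),
        "cache_busting_requests": cache_busting,
        "claimed_sources": dict(claimed_sources),
        "top_reflectors": reflectors.most_common(5),
        "flagged": len(reflectors) >= min_reflectors,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The `claimed_sources` field is worth watching separately: the IP after "verifying pingback from" is whatever the reflecting blog saw as the XML-RPC client, so a single value repeated across many unrelated sites is a strong sign that one party is driving all of them. Once flagged, the practical response is the one the article attributes to edge mitigation: rate-limit or drop requests matching that User-Agent pattern before they reach the origin, while leaving ordinary browser traffic alone.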

Proactive approach to security

Paul Jackson, former head of cybercrime in the Hong Kong Police and now managing director at Stroz Friedberg, noted that companies need to take a more proactive approach to security.

Stroz Friedberg specializes in risk management with special emphasis on intelligence and investigation.

“We [need a] more proactive posture rather than waiting for something bad to happen. At the end of the day, that adds more value to a firm, and nowadays brand value is associated with security.”

He added: “Criminal ingenuity knows no bounds. Unfortunately, there is an underground community that is equally ingenious and they look at these new technologies and they look for ways to either compromise these new technologies or use these new technologies to commit fraud or they would leverage these new technologies for other crimes such as money laundering.”

Editor's note: This article first appeared on Computerworld Hong Kong.