DDoS Attacks On Financial Services Including PayPal & MoneyGram
Over the last few weeks a group of cybercriminals has reportedly been launching distributed denial of service (DDoS) attacks against financial service providers while demanding bitcoin payments as extortion fees for the attacks to stop.
This type of attack, according to ZDNet, is known as ‘DDoS-for-Bitcoin’ and was first seen in the summer of 2016, although the group that’s currently active is believed to have “above-average DDoS skills.”
Distributed denial of service attacks essentially flood a particular system’s bandwidth with traffic to the point that it becomes unusable. A source involved in DDoS mitigation reportedly told ZDNet that the group has targeted money transfer service MoneyGram, YesBank India, WorldPay, PayPal, Braintree, and Venmo, before moving to the New Zealand stock exchange (NZX).
While most DDoS-for-Bitcoin groups only distribute empty threats, this group has hit targets with attacks of up to 200 GB/sec worth of bandwidth. Moreover, instead of hitting victims’ public websites, the group targets backend infrastructure, DNS servers, and API endpoints.
Hitting the NZX, the group targeted its hosting provider Spark, causing outages in some of the firm’s other clients. NZX itself has had to shut down for three days in a row. Bloomberg quoted an NZX representative as saying:
“We continue to address the threat and work with cyber-security experts. We are doing everything we can to resume normal trading tomorrow.”
The group is said to have adopted names like Armada Collective and Fancy Bear, which have been used by more famous hacker groups. They first email companies demanding BTC as an extortion fee, and threaten to hit the victim with DDoS attacks to cripple their operations if they do not pay.
The hackers are also said to have shown some level of sophistication by often changing the protocols that were attacked, keeping defenders guessing what protections they would need to roll out. It’s unclear whether any firm paid the attackers bitcoin for them to stop.
It’s worth noting that the darknet’s largest market, Empire Market, allegedly exit scammed after being hit with multiple DDoS attacks that took it down. An anonymous employee said that before the market was shut down, its operators were paying $10,000 to $15,000 a week to keep DDoS attackers at bay.