Fancy Bear imposters are on a hacking extortion spree


Travelex didn’t pay the ransom this time and instead weathered a DDoS attack that the hackers launched as a kind of warning shot, and then a second barrage. “Everyone behind this probably thought Travelex should be an easy target based on what happened at the start of the year,” says Greg Otto, a researcher at Intel471. “But why should you pressure a company that may have made efforts to enhance its security? I understand the logic, but I also think there are loopholes in that logic.” Travelex did not respond to WIRED’s request for comment about the August extortion attempt.

DDoS extortion attacks have not been particularly profitable for fraudsters, because they lack the extreme urgency of something like ransomware, where the target is already compromised and may be desperate to regain access. And while this has always been a weakness of the strategy, the threats may be even less powerful now that robust DDoS protection services are popular and relatively inexpensive.

“In general, DDoS as a method of extortion is not as profitable as other types of digital blackmail,” says Robert McCardle, director of forward-looking threat research at Trend Micro. “It’s a threat to do something versus the threat you have already done. It’s like saying, ‘Your house burned down next week.’ It’s a lot different when the house is on fire in front of you.”

Because DDoS extortion is only intermittently effective, attackers are invoking notorious state-backed hacking groups in an effort to add urgency and a sense of risk. They are fearmongers, Otto says. And the attacks likely succeed at least some of the time, given that attackers keep returning to the tactic. For example, Radware noted that in addition to impersonating Fancy Bear and Lazarus Group, the attackers were also calling themselves “Armada Collective,” a name that DDoS actors have adopted for extortion numerous times in recent years. It is unclear whether the actors behind this incarnation of Armada Collective have any connection to earlier generations.

Although most organizations with digital defense resources can effectively protect themselves from DDoS attacks, researchers say it is still important to take these threats seriously and invest in robust protection. The FBI reinforced this message in a publication in early September about actors posing as Fancy Bear. It stated that at the beginning of August, thousands of organizations around the world began receiving extortion notes.

“Most organizations that reach the six-day mark have not reported any additional activity or have successfully reduced activity,” wrote the FBI. “However, several prominent institutions reported follow-up activity that affected operations.”

Although the attacks may not threaten most targets the way ransomware does, they can still pose a nuisance threat to organizations that do not have adequate DDoS defenses. And with so many other types of threats to navigate, it is easy to imagine that intimidation tactics could work often enough to make them worth the attackers' while.

This story originally appeared
