Although DDoS extortion is not a brand-new tactic, there have been some recent developments, most notably the use of Bitcoin as the payment method. DD4BC (DDoS for Bitcoin) is a hacker or hacker group that has been found extorting victims with DDoS attacks and demanding payment in Bitcoin. DD4BC seems to focus on gaming and payment-processing businesses that use Bitcoin.
According to reports, in November 2014 the group sent a note to the Bitalo Bitcoin exchange demanding 1 Bitcoin in exchange for "helping" the site strengthen its defences against DDoS attacks. At the same time, DD4BC ran a small-scale attack to demonstrate the exchange's vulnerability to this kind of disruption. Bitalo ultimately decided not to pay. Instead, it publicly accused DD4BC of extortion and blackmail and offered a reward of more than USD 25,000 for information leading to the identification of those responsible.
The campaigns share a number of traits. During these extortion attempts, the attacker:
launches a preliminary DDoS attack to demonstrate that they can take the victim's website down (this can last anywhere from a few minutes to several hours);
demands payment in Bitcoin while framing the demand as a service, claiming to be helping the site by pointing out its vulnerability to DDoS;
threatens larger, more damaging attacks in the future;
threatens a higher ransom as the attacks progress (pay now or pay more later).
These attacks can bring down unprotected websites. In a recent study, Arbor Networks found that the vast majority of DD4BC's actual attacks were UDP amplification attacks abusing UDP services such as NTP and SSDP. In an amplification attack the attacker sends small requests with a forged source address (the victim's) to open reflectors on the Internet, and the reflectors send their much larger responses to the victim, so the attacker's modest upstream bandwidth is multiplied into a far larger flood at the target. It is a relatively straightforward, blunt attack on the cyberattack spectrum that simply overwhelms the victim's network with unwanted UDP traffic. These attacks are not technically difficult, and renting booters, botnets and ready-made scripts makes them simpler still.
DD4BC typically targets layers 3 and 4 with volumetric DDoS attacks, but if that does not produce the desired result they can move up to layer 7 with application-layer floods of HTTP GET/POST requests. The initial assault typically ranges from 10 to 20 Gbps. Although that is sizeable, the far larger follow-on attack threatened in the ransom note frequently never materialises at anything like the promised scale.
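The two attack shapes described above leave different footprints, and a defender triaging an extortion note wants to tell them apart quickly. The following Python script is an added example written for this page; it is not code from the article, from Arbor Networks or from any DDoS vendor. It runs two checks over constructed sample data embedded inline: NetFlow-style records in which reflected NTP and SSDP responses arrive at a victim (203.0.113.10, a documentation address) from many reflectors in large packets, and Common Log Format access-log lines in which one source hammers a login form. The record format, the thresholds (three distinct reflectors, 300-byte average packets, five requests per second) and all addresses are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# UDP services the text names as abused reflectors. Other reflector ports
# (DNS 53, chargen 19, ...) could be added in the same way.
REFLECTOR_PORTS = {123: "NTP", 1900: "SSDP"}

# Constructed NetFlow-style records, not captured DD4BC traffic. The target is
# 203.0.113.10. NTP flows are sized like monlist responses (~440 bytes/packet).
# Only two SSDP reflectors appear, so SSDP stays below the source threshold,
# port 53 is not in the table, and the final record is outbound: all ignored.
FLOW_SAMPLE = """\
udp 198.51.100.7:123 -> 203.0.113.10:40215 4400 10
udp 198.51.100.8:123 -> 203.0.113.10:40215 4400 10
udp 198.51.100.9:123 -> 203.0.113.10:40215 4400 10
udp 198.51.100.10:123 -> 203.0.113.10:40215 4400 10
udp 198.51.100.30:1900 -> 203.0.113.10:40215 310 1
udp 198.51.100.31:1900 -> 203.0.113.10:40215 310 1
udp 192.0.2.99:53 -> 203.0.113.10:33000 120 1
tcp 192.0.2.5:51234 -> 203.0.113.10:443 800 6
udp 203.0.113.10:40215 -> 198.51.100.7:123 90 1
"""

FLOW_RE = re.compile(
    r"^(?P<proto>udp|tcp) (?P<sip>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dip>[\d.]+):(?P<dport>\d+) (?P<bytes>\d+) (?P<pkts>\d+)$"
)


def parse_flows(text):
    """Parse 'proto src:port -> dst:port bytes packets' lines into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = FLOW_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unparseable flow record: {line!r}")
        # numeric fields (ports, bytes, packets) become ints; proto/IPs stay str
        flows.append({k: (int(v) if v.isdigit() else v) for k, v in m.groupdict().items()})
    return flows


def triage_udp_amplification(flows, target_ip, min_sources=3, min_avg_pkt=300):
    """Flag reflector services whose inbound UDP traffic looks amplified.

    Reflected traffic arrives *from* the reflector's service port (123, 1900)
    to an arbitrary port on the victim, from many distinct reflectors, in
    packets far larger than the spoofed requests that elicited them. Returns
    {service: {"sources", "bytes", "avg_pkt"}} for services over both thresholds.
    """
    stats = defaultdict(lambda: {"sources": set(), "bytes": 0, "pkts": 0})
    for f in flows:
        if f["proto"] != "udp" or f["dip"] != target_ip:
            continue  # only inbound UDP can be reflected amplification
        service = REFLECTOR_PORTS.get(f["sport"])
        if service is None:
            continue
        s = stats[service]
        s["sources"].add(f["sip"])
        s["bytes"] += f["bytes"]
        s["pkts"] += f["pkts"]
    verdict = {}
    for service, s in stats.items():
        avg_pkt = s["bytes"] / s["pkts"]
        if len(s["sources"]) >= min_sources and avg_pkt >= min_avg_pkt:
            verdict[service] = {"sources": len(s["sources"]),
                                "bytes": s["bytes"], "avg_pkt": round(avg_pkt)}
    return verdict


# Constructed Common Log Format lines: one source POSTs to the login form
# twelve times in two seconds beside a single ordinary visitor.
ACCESS_LOG_SAMPLE = "\n".join(
    [f'192.0.2.5 - - [24/Nov/2014:10:00:0{i % 3} +0000] "POST /login HTTP/1.1" 200 512'
     for i in range(12)]
    + ['198.51.100.20 - - [24/Nov/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 2048']
)

LOG_RE = re.compile(
    r'^(?P<ip>[\d.]+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)$'
)


def detect_http_flood(log_text, max_rps=5.0):
    """Per-source request rate over the time span covered by the sample.

    A layer-7 GET/POST flood is small in bytes but high in requests per source,
    so the byte-based check above misses it. Returns {ip: rps} above max_rps.
    """
    counts = defaultdict(int)
    first = last = None
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unparseable log line: {line!r}")
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        first = ts if first is None or ts < first else first
        last = ts if last is None or ts > last else last
        counts[m["ip"]] += 1
    if first is None:
        return {}
    span = max((last - first).total_seconds(), 1.0)  # avoid divide-by-zero
    return {ip: round(n / span, 2) for ip, n in counts.items() if n / span > max_rps}


if __name__ == "__main__":
    print(triage_udp_amplification(parse_flows(FLOW_SAMPLE), "203.0.113.10"))
    print(detect_http_flood(ACCESS_LOG_SAMPLE))
```

Run as written, the first check reports only NTP (four reflectors, 17,600 bytes, 440-byte average packets) and the second reports only 192.0.2.5 at 6 requests per second. The point of keeping both checks is the escalation path the text describes: once a volumetric flood is absorbed upstream, a move to layer 7 shows up in request rates, not in byte counts, so the two signals have to be watched together. In production the same logic would run over exported flow records and the web tier's access logs rather than inline samples, and the thresholds would be tuned to the site's normal baseline.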
If a company does not pay and the attack is absorbed by anti-DDoS services, the group typically moves on after roughly 24 hours of sustained attack. You should not, however, rely on this pattern when planning your defences.