A new survey has IT pro’s scared to death, if it’s results are correct about the threat of DdoS extortions.
IT security professionals are in an uproar over a DdoS-extortion attack sometime in the next year. A new report show that about 80 percent of them fear they’ll be targeted in such attacks within the next 12 months. Corero Network Security released the report, that is based off of a 103 attendee survey taken at the Info security Europe event in London.
These attacks ae one of the most popular tools in a hacker’s arsenal these days. These distributed denial of service attacks work by flooding the targeted victim with traffic. Mainly done with an army of botnets, so that it would seem that millions of people are all visiting the site at that one particular time.
DdoS attacks have been brought to popularity in the public eye by hacktivists, but is widely employed by cyber criminals the world over. The possibility of extortion is what worries the IT pro’s the most. DD4BC became famous for their run of unforgiving DdoS attacks on websites until the victims handed over a few BTC. Although several members of the group were arrested, they’re tactics worked, and aren’t difficult to mimic.
“Attackers have never before been able to communicate with they’re victims anonymously, launch they’re attacks, and get paid. Until now. With the proliferation of tools such as The Onion Router, which facilitate the Dark Web, or Dark Net, cyber-criminals can freely communicate with the organizations they wish to target. To get paid, the attacker can simply demand Bitcoins, as it is an anonymous digital currency,” CSO at Fields, Justin Harvey said in an interview.
The ones who took the survey seem to lack the faith that their organizations will take a stand against the ransoms, if it would ever happen. Nearly 43 percent of them said that they would pay the ransom should it ever happen.
The other 51 percent blamed ISP’s for not providing enough defense against the DdoS attacks in the first place. Along with this, 24 percent said that if a DdoS attack did happen, the blame should go toward the ISP, and 21 percent said they would switch providers if decent protection against the attacks were not provided.
“internet bandwidth is comprised of a wide variety of traffic flows. While the majority of traffic is legitimate, significant portions are sometimes unnecessary and increasingly damaging. These flows can range from distributed denial of service attacks to malware or botnet related activity,” COO at Corero Network Security, Dave Larson said.
“An ISP’s function has traditionally been to pass traffic from one destination to another, without judgement about the content. However, in order for the internet to thrive and ISPs to continue to protect their own infrastructure, and that of their downstream customers, internet security and neutrality must co-exist. DdoS attacks leave the critical infrastructure of an ISP at risk for massive outages that impact all traffic flow, not just select streams. Net neutrality is generally a policy geared towards fairness; but to put all flows at risk by treating the bad traffic fairly seems to be a step beyond what was intended,” he added.