Akamai dealt with an 800Gbps ransom DDoS against a gambling company

Akamai was recently involved in the mitigation of two of the largest known ransom DDoS attacks, one of which peaked at 800Gbps.

CDN and cybersecurity firm Akamai warns of a worrying escalation in ransom DDoS attacks since the beginning of the year.

The company recently mitigated three of the six biggest volumetric DDoS attacks it has ever dealt with, two of which were ransom DDoS attacks.

One of these two ransom DDoS attacks targeted a gambling company in Europe and peaked at 800Gbps, but the most worrisome aspect of the attack was its sophistication.

According to the company, the rise in the price of Bitcoin is motivating cybercriminals to intensify their efforts and increase their attack bandwidth in order to carry out powerful extortion attacks.

“The most recent extortion attack — peaking at more than 800 Gbps and targeting a European gambling company — was the biggest and most complex we’ve seen since the widespread return of extortion attacks that kicked off in mid-August 2020. Since the start of the campaign, show-of-force attacks have grown from 200+ Gbps in August to 500+ Gbps by mid-September, then ballooned to 800+ Gbps by February 2021.” reads the analysis published by Akamai. “But the size of the extortion attack wasn’t the only notable characteristic of the actors’ modus operandi.”

Figure: Likely DDoS extortion attacks. Bubble size = Mpps; color = extortion attack profile. (Source: Akamai)

The Akamai Security Intelligence Response Team’s threat advisory team revealed that crooks used a previously unseen DDoS attack vector that leveraged a networking protocol known as protocol 33, or Datagram Congestion Control Protocol (DCCP).

“A reflected attack using DCCP would be akin to a SYN-ACK reflection. The attack would look like a spoofed DCCP-Request (54 bytes) flood to actual DCCP listening hosts. The DCCP enabled host would in turn attempt to complete the handshake with the spoofed source, resulting in a DCCP-Response (62 bytes) reflection.” explained Akamai researcher Chad Seaman.

DCCP DDoS volumetric attacks are very insidious because they cannot be mitigated by defenses implemented against TCP/UDP-based attacks.
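As an added illustration (not code from Akamai or from the original article), the sketch below shows how a defender could spot the reflected DCCP-Response traffic described above in a packet feed: it parses raw IPv4 packets, selects protocol 33, reads the DCCP packet type from the RFC 4340 generic header, and counts Responses arriving at protected hosts that never sent a matching Request. The function names, the protected prefix and the sample packets are assumptions constructed for this example.

```python
import struct
from collections import Counter
from ipaddress import ip_address, ip_network

IPPROTO_DCCP = 33  # IANA protocol number ("protocol 33" in the article)
DCCP_TYPES = {0: "Request", 1: "Response", 2: "Data", 3: "Ack", 7: "Reset"}  # RFC 4340 subset

def parse_dccp(pkt: bytes):
    """Return (src, sport, dst, dport, type) for an IPv4/DCCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != IPPROTO_DCCP:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 12:   # 12 = shortest DCCP generic header (X=0)
        return None
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    ptype = (pkt[ihl + 8] >> 1) & 0x0F    # byte 8: Res(3) | Type(4) | X(1)
    src, dst = ip_address(pkt[12:16]), ip_address(pkt[16:20])
    return src, sport, dst, dport, DCCP_TYPES.get(ptype, f"type{ptype}")

def unsolicited_responses(packets, protected):
    """Count DCCP-Responses sent to protected hosts that never sent a matching Request."""
    net, pending, hits = ip_network(protected), set(), Counter()
    for pkt in packets:
        parsed = parse_dccp(pkt)
        if parsed is None:
            continue
        src, sport, dst, dport, ptype = parsed
        if ptype == "Request" and src in net:
            pending.add((src, sport, dst, dport))
        elif ptype == "Response" and dst in net and (dst, dport, src, sport) not in pending:
            hits[str(dst)] += 1
    return hits

def build(src, dst, sport, dport, ptype, proto=IPPROTO_DCCP):
    """Constructed test packet: minimal IPv4 header + 16-byte DCCP generic header (X=1)."""
    dccp = struct.pack("!HHBBHBB", sport, dport, 4, 0, 0, (ptype << 1) | 1, 0) + bytes(6)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(dccp), 0, 0, 64, proto, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    return ip + dccp

# Constructed sample (documentation address ranges): one legitimate handshake, one UDP
# packet that must be ignored, then three Responses the protected host never asked for.
SAMPLE = [build("192.0.2.10", "198.51.100.5", 40000, 5001, 0),
          build("198.51.100.5", "192.0.2.10", 5001, 40000, 1),
          build("203.0.113.9", "192.0.2.10", 5001, 1234, 1, proto=17)]
SAMPLE += [build(f"203.0.113.{i}", "192.0.2.10", 5001, 1234, 1) for i in (1, 2, 3)]

if __name__ == "__main__":
    print(dict(unsolicited_responses(SAMPLE, "192.0.2.0/24")))
```

A filter keyed only on TCP or UDP would pass every one of these packets untouched, so the useful signal is the IP protocol number combined with the lack of a matching outbound Request.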

Akamai researchers also warn of multi-vector DDoS attacks, which combine multiple vectors in a single attack to increase the likelihood of disrupting the back-end environments of the targets. The company estimated that 65% of DDoS attacks launched against customers were multi-vector.

“It’s clear from our attack trends and observations that 2021 will continue to be a year full of DDoS surprises, but that doesn’t mean you can’t be prepared.” concludes the analysis. “As we like to say, it’s most important to “prepare during peacetime” so your organization isn’t left to go it alone or scramble for defenses while under attack.

Looking ahead, our DDoS attack forecast continues to anticipate attack growth on four fronts:

  1. number of DDoS attacks
  2. number of large DDoS attacks (> 50 Gbps)
  3. number of industries targeted with DDoS
  4. number of organizations targeted with DDoS

Pierluigi Paganini

(SecurityAffairs – hacking, ransom DDoS)
