Cyber Crime

Akamai dealt with an 800Gbps ransom DDoS against a gambling company

Akamai was recently involved in the mitigation of two of the largest known ransom DDoS attacks, one of which peaked at 800Gbps.

CDN and cybersecurity firm Akamai warns of a worrying escalation in ransom DDoS attacks since the beginning of the year.

The company recently mitigated three of the six biggest volumetric DDoS attacks it has ever dealt with, two of which were ransom DDoS attacks.

One of these two ransom DDoS attacks targeted a gambling company in Europe and peaked at 800Gbps, but the most worrisome aspect of the attack was its sophistication.

According to the company, the rise in the Bitcoin price is motivating cybercriminals to intensify their efforts and increase their attack bandwidth to carry out powerful attacks for extortion purposes.

“The most recent extortion attack — peaking at more than 800 Gbps and targeting a European gambling company — was the biggest and most complex we’ve seen since the widespread return of extortion attacks that kicked off in mid-August 2020. Since the start of the campaign, show-of-force attacks have grown from 200+ Gbps in August to 500+ Gbps by mid-September, then ballooned to 800+ Gbps by February 2021.” reads the analysis published by Akamai. “But the size of the extortion attack wasn’t the only notable characteristic of the actors’ modus operandi.”

Likely DDoS extortion attacks. Bubble size = Mpps; color = extortion attack profile. (Source Akamai)

The Akamai Security Intelligence Response Team’s threat advisory team revealed that crooks used a previously unseen DDoS attack vector that leveraged a networking protocol known as protocol 33, or Datagram Congestion Control Protocol (DCCP).

“A reflected attack using DCCP would be akin to a SYN-ACK reflection. The attack would look like a spoofed DCCP-Request (54 bytes) flood to actual DCCP listening hosts. The DCCP enabled host would in turn attempt to complete the handshake with the spoofed source, resulting in a DCCP-Response (62 bytes) reflection.” explained Akamai researcher Chad Seaman.

DCCP DDoS volumetric attacks are very insidious because they cannot be mitigated by defenses implemented against TCP/UDP-based attacks.
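
The following Python example, added here and not taken from Akamai or the original article, parses constructed IPv4 packets to show that rules scoped to TCP and UDP never examine protocol 33 traffic, and counts DCCP-Response packets arriving at local hosts that never sent a DCCP-Request. The addresses, the `build_packet` helper, and the DCCP header layout and type codes (from RFC 4340) are assumptions not stated in the article.

```python
import struct
from collections import Counter

DCCP_PROTO = 33                      # IP protocol number named in the article
DCCP_REQUEST, DCCP_RESPONSE = 0, 1   # DCCP packet types (RFC 4340, assumption)

def build_packet(src, dst, proto, dccp_type=None):
    """Constructed sample: bare IPv4 header plus, for DCCP, a 16-byte generic header."""
    payload = b""
    if proto == DCCP_PROTO:
        # ports, data offset, CCVal/CsCov, checksum, Res/Type/X (X=1), reserved, 48-bit seq
        payload = struct.pack("!HHBBHBB", 40000, 5001, 4, 0, 0, (dccp_type << 1) | 1, 0) + bytes(6)
    addr = lambda a: bytes(map(int, a.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, addr(src), addr(dst)) + payload

def parse(pkt):
    """Return (src, dst, ip_protocol, dccp_type or None) for one IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (12, 16))
    proto, dtype = pkt[9], None
    if proto == DCCP_PROTO and len(pkt) >= ihl + 9:
        dtype = (pkt[ihl + 8] >> 1) & 0x0F   # Type is bits 3-6 of the ninth header byte
    return src, dst, proto, dtype

def unexamined_by_tcp_udp_rules(packets):
    """Packets that rules written only for TCP (6) and UDP (17) never look at."""
    return [p for p in packets if parse(p)[2] not in (6, 17)]

def unsolicited_dccp_responses(packets, local_prefix):
    """Count DCCP-Responses per local host that did not send a matching DCCP-Request."""
    requested, hits = set(), Counter()
    for pkt in packets:
        src, dst, proto, dtype = parse(pkt)
        if proto != DCCP_PROTO:
            continue
        if dtype == DCCP_REQUEST and src.startswith(local_prefix):
            requested.add((src, dst))
        elif dtype == DCCP_RESPONSE and dst.startswith(local_prefix) and (dst, src) not in requested:
            hits[dst] += 1
    return dict(hits)

# Constructed traffic (documentation addresses): five reflected responses, one
# legitimate handshake opened by a local host, and one UDP packet.
SAMPLE = [build_packet(f"198.51.100.{i}", "203.0.113.10", 33, DCCP_RESPONSE) for i in range(1, 6)]
SAMPLE += [build_packet("203.0.113.20", "198.51.100.9", 33, DCCP_REQUEST),
           build_packet("198.51.100.9", "203.0.113.20", 33, DCCP_RESPONSE),
           build_packet("192.0.2.7", "203.0.113.10", 17)]
```

On the constructed sample, seven of the eight packets fall outside TCP/UDP-only rules, and the five responses sent to `203.0.113.10` are reported as unsolicited while the handshake opened by `203.0.113.20` is not.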

Akamai researchers also warn of multi-vector DDoS attacks, which combine multiple vectors in a single attack to increase the likelihood of disrupting the targets' back-end environments. The company estimated that 65% of DDoS attacks launched against customers were multi-vector.

“It’s clear from our attack trends and observations that 2021 will continue to be a year full of DDoS surprises, but that doesn’t mean you can’t be prepared.” concludes the analysis. “As we like to say, it’s most important to “prepare during peacetime” so your organization isn’t left to go it alone or scramble for defenses while under attack.

Looking ahead, our DDoS attack forecast continues to anticipate attack growth on four fronts:

  1. number of DDoS attacks
  2. number of large DDoS attacks (> 50 Gbps)
  3. number of industries targeted with DDoS
  4. number of organizations targeted with DDoS


Pierluigi Paganini

(SecurityAffairs – hacking, ransom DDoS)
