Notorious Bitcoin extortion group DD4BC targeting increasing number of Akamai customers
Notorious Bitcoin extortion group DD4BC is aiming higher with its attacks in 2015 and is said to be now targeting major corporations and financial institutions.
The group, which uses distributed denial of service (DDoS) attacks as part of its extortion attempts, was found to have targeted 114 customers of cloud and content delivery network company Akamai Technologies, Inc., since April this year, Akamai states in a newly released cybersecurity case study.
“DD4BC has been using the threat of DDoS attacks to secure Bitcoin payments from its victims for protection against future attacks,” Akamai Senior Vice President & General Manager, Security Division, Stuart Scholly said in a statement. “The latest attacks – focused primarily on the financial service industry – involved new strategies and tactics intended to harass, extort and ultimately embarrass the victim publicly.”
Aiming high
The group, whose initials are borrowed from the old joke political campaign “Drunk Drivers for Bush Cheney,” first came to wider attention in 2014, when it started hitting various companies with DDoS attacks and demanding Bitcoin payments. As we reported in February this year, some of those targeted companies were, not without irony, Bitcoin exchanges and wallet providers.
According to the Akamai report, the group uses e-mail to inform its target that a low-level DDoS attack will be launched against the victim’s website if it does not cough up a Bitcoin payment, varying in amount depending on the size of the company targeted.
From June through July 2015, the attacks, now targeting financial services, media and entertainment, online gaming and retailers, increased from low-level to more than 20 Gbps in some cases when the initial demand for payment wasn’t met.
DD4BC would then demand a Bitcoin ransom to protect the company from a larger DDoS attack designed to make its website inaccessible.
In a new, upgraded version of its usual extortion style, DD4BC is said to have recently started threatening to expose targeted organizations via social media, adding to the damage caused by the DDoS attack itself.
“The goal apparently is to garner more attention for the group’s ability to create service disruptions by publicly embarrassing the target and tarnishing the company’s reputation through these wide-reaching channels,” the report notes.
The group usually relies on multi-vector DDoS attack campaigns, including Layer 7 DDoS, and, interestingly (given how long the vulnerability has been known as a security risk), often concentrates on the WordPress pingback facility to overwhelm the targeted site.
Threat Mitigation
Akamai recommends that companies in general, not only those targeted by DD4BC, deploy anomaly- and signature-based DDoS detection methods to identify attacks before a website becomes unavailable to users; distribute resources to increase resiliency and avoid single points of failure due to an attack; and implement Layer 7 DDoS mitigation appliances on the network to reduce the vulnerability of critical application servers.
Naturally anyone targeted by the group should report the extortion attempt to local law enforcement officials as well.
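To make the signature- and anomaly-based detection recommendation concrete for the WordPress pingback vector mentioned above, here is an added example (not from the Akamai report) that scans web server access logs for pingback verification requests. The User-Agent pattern reflects how WordPress identifies its pingback fetches; the log format, the per-minute threshold and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Signature: WordPress fetches the pingback target with this User-Agent;
# newer versions append the IP address that requested the pingback.
PINGBACK_UA = re.compile(
    r'^WordPress/[\d.]+; (?P<site>https?://[^;\s]+)'
    r'(?:; verifying pingback from (?P<origin>[0-9a-fA-F.:]+))?$'
)

def analyze(lines, per_minute_threshold=3):
    """Return (minutes at or over the threshold, hits per reflecting site, hits per origin IP)."""
    per_minute, sites, origins = Counter(), Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        sig = PINGBACK_UA.match(m["ua"]) if m else None
        if not sig:
            continue  # malformed line or not a pingback fetch
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_minute[ts.strftime("%Y-%m-%d %H:%M")] += 1   # anomaly: rate per minute
        sites[sig["site"]] += 1                          # which blogs are being abused
        if sig["origin"]:
            origins[sig["origin"]] += 1                  # who asked for the pingbacks
    flagged = sorted(k for k, n in per_minute.items() if n >= per_minute_threshold)
    return flagged, dict(sites), dict(origins)

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE = [
    '198.51.100.10 - - [10/Sep/2015:12:00:01 +0000] "GET /?r=8231 HTTP/1.0" 200 512 "-" "WordPress/4.2.2; http://blog-a.example; verifying pingback from 203.0.113.7"',
    '198.51.100.11 - - [10/Sep/2015:12:00:02 +0000] "GET /?r=1177 HTTP/1.0" 200 512 "-" "WordPress/3.8; http://blog-b.example"',
    '198.51.100.12 - - [10/Sep/2015:12:00:03 +0000] "GET /?r=5520 HTTP/1.0" 200 512 "-" "WordPress/4.2.2; http://blog-c.example; verifying pingback from 203.0.113.7"',
    '192.0.2.44 - - [10/Sep/2015:12:00:04 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.10 - - [10/Sep/2015:12:01:30 +0000] "GET /?r=9 HTTP/1.0" 200 512 "-" "WordPress/4.2.2; http://blog-a.example; verifying pingback from 203.0.113.7"',
    'truncated or corrupted line',
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The flagged minutes give the anomaly view, while the site and origin counts give responders a list of reflecting blogs to notify and an address to rate-limit or block upstream.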
Image credit: articnomad/Flickr/CC by 2.0