Advanced DDoS extortionists target NZX, Moneygram, Braintree, and other financial services
In recent weeks, a criminal gang has launched DDoS attacks against some of the world's biggest financial service providers and demanded Bitcoin payments as extortion fees to stop the attacks. One of the victims, the New Zealand stock exchange (NZX), has halted trading for the third day in a row following the attacks. Just this week, the group has attacked money transfer service MoneyGram, YesBank India, Worldpay, PayPal, Braintree, and Venmo, a source involved in the DDoS mitigation field has told ZDNet.
The attackers have been identified as the same hacker group mentioned in an Akamai report published last week, on August 17. The group uses names like Armada Collective and Fancy Bear (both borrowed from more famous hacker groups) to email companies and threaten DDoS attacks that can cripple operations and incur huge downtime and financial costs for the targets unless the victims pay a huge ransom in Bitcoin. Attacks of this type are called "DDoS extortions" or "DDoS-for-Bitcoin" and were first seen in the summer of 2016.
In an update to its report added this Monday, on August 24, Akamai confirmed that the group launched complex DDoS attacks that, in some cases, peaked at almost 200 Gb/sec. The source also described the group as having "above-average DDoS skills." While previous DDoS extortionists would often target their victims' public websites, this new group has repeatedly targeted backend infrastructure, API endpoints, and DNS servers, which explains why some of the DDoS attacks this week have resulted in severe and prolonged outages at some of their targets.