Over the past couple of years we’ve seen a large increase in malicious hacking activity around extortion attempts (as opposed to “classic” data theft and banking trojans), which are comprised of targeting weak spots in both private users as well as large corporations.
More recently, the security community has started to see ransomware Trojans taking over sensitive files and encrypting them. Hackers then demand a few hundred dollars (usually paid with Bitcoin) in return for the decryption key.
Although most of the victims of ransomware are private users, there were many cases where companies and even law enforcement agencies (e.g. 1 2) were targeted.
Featured Download: Social media access at work. Do your employees know the rules?
One such strain was the CryptoLocker trojan, which was taken down in Operation Tovar after extorting over $3 million.
Creating ransomware such as CryptoLocker and orchestrating a extortion campaign can be a difficult task. However, DDoSing a specific company, especially online businesses, can be much easier.
All it takes to DDoS most websites is a simple script that bombards the webserver with requests. It doesn’t even require much bandwidth or a strong machine.
Though many companies have avoided paying the extortion fee – however nominal – and have spent more money on protection (Moz, Feedly, Basecamp, Authorize.Net). Others, however, have not been so lucky. Indeed, this year, we’ve seen that extortion campaigns can put a business out of business.
The attackers behind the Sony attack have gone to even greater lengths. After the attackers gained access to the company’s network, they started gathering sensitive information – including both corporate and personal information – releasing a small portion of it to the public while threatening to release the rest if their demands weren’t met.
According to reports, the attack started when a single server was compromised, and the attack spread from there.
This is a hard blow to Sony after a DDoS attack took down the PlayStation Network a few months ago and hackers claimed to have accessed the PlayStation Network.
As we’ve seen, these attacks can have a devastating effect on a company, its employees, and its clients. Releasing private data (dubbed ‘d0xing’ in internet slang) or losing it all is far from plain old data theft, and as these types of attacks gain popularity, CISOs will be under heavier pressure to work to prevent them.
By Ofer Gayer, Security Researcher, Incapsula
About Incapsula
Incapsula’s cloud-based Application Delivery service enables businesses to simplify their IT operations and reduce costs by consolidating multiple appliances and services into a single cloud solution. Enterprises get best-of-breed security, load balancing, failover and a global CDN, without having to deploy, manage and integrate separate products.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.