Net Effect

Is “aggregate-and-forget” the future of cyber-extortion?

Dancho Danchev, who is one of my most favorite bloggers on all things "cyber-security", has a great post about the rapidly changing market for DDOS attacks (btw, I think that the next supermegaduper-sequel to Freakonomics should definitely include a chapter about the markets for DDOS attacks) …a huge number of "boutique vendors" of DDoS services ...

Dancho Danchev, who is one of my most favorite bloggers on all things "cyber-security", has a great post about the rapidly changing market for DDOS attacks (btw, I think that the next supermegaduper-sequel to Freakonomics should definitely include a chapter about the markets for DDOS attacks)

…a huge number of "boutique vendors" of DDoS services remain reluctant to initiate DDoS attacks against government or political parties, in an attempt to stay beneath the radar. This mentality prompted the inevitable development of "aggregate-and-forget" type of botnets exclusively aggregated for customer-tailored propositions who would inevitably get detected, shut down, but end up harder to trace back to the original source compared to a situation where they would be DDoS the requested high-profile target from the very same botnet that is closely monitored by the security community.

The future of DDoS extortion attacks, however, looks a bit grey due the numerous monetization models that cybercriminals developed – for instance ransomware, which attempts to scale by extorting significant amounts of money from thousands of infected users in an automated and much more efficient way than the now old-fashioned DDoS extortion model.

Check Dancho’s original post to see sample text of a cyber-extortion letter; I’ll only post the bonus section here:

You will also receive several bonuses.

1. 30% discount if you request DDoS attack on your competitors/enemies. Fair market value ddos attacks a simple site is about $ 100 per night, for you it will cost only 70 $ per day.

2. If we turn to your competitors / enemies, to make an attack on your site, then we deny them.

 

Trending Now Sponsored Links by Taboola

By Taboola

More from Foreign Policy

By Taboola