The extortion group known as DD4BC has stepped up the number of attacks this year and is now targeting the financial services industry, according to a new report.
Akamai Technologies, a content delivery network and cloud services provider which produced the report, has identified 114 attacks carried out by DD4BC since April 2015.
Stuart Scholly, senior vice president and general manager at Akamai’s security division, said in a statement:
“DD4BC has been using the threat of DDoS attacks to secure bitcoin payments from its victims for protection against future attacks … The latest attacks – focused primarily on the financial service industry – involved new strategies and tactics intended to harass, extort and ultimately embarrass the victim publicly. “
Additionally, the company says in its report that the new attacks include more aggressive measures that also target the brand’s reputation using social media.
More aggressive methodology
According to the findings, the group’s typically uses multi-vector DDoS attack campaigns, whilst revisiting previous targets and incorporating Layer 7 DDoS in multi-vector attacks, focusing on WordPress’s pingback vulnerability.
This vulnerability, the researchers said, is then repeatedly exploited to send reflected GET requests to the target, thus overloading its website.
Reports linking DD4BC to DDoS attacks targeting various organizations in Switzerland, New Zealand and Australia surfaced earlier this year.
DD4BC was also credited with propagating a wave of attacks against bitcoin mining pools and a variety of bitcoin-related websites and services in the past.
Cyber investigation image via Shutterstock.