Statistics show that there are more hacks and exploits than ever before – from the hilarious Catfi.sh hack at Tinder which resulted in males talking to males (and thinking they were talking to females) to the more sinister hack at TV5Monde that saw the French television station being taken off the air (apparently a cyberattack by ISIS hackers) and the Cryptolocker episode at the Chicago Police Department that saw them pay a $600 Bitcoin ransom to get their data back. Even the popular development resource GitHub has been hit by Distributed Denial of Service (DDoS) attacks in recent months.
But it’s not just high profile organisations that are being targeted.
An unknown international group has recently issued DDOS threats to a range of Australian and New Zealand organisations that appear as an email threatening to take down the business’ network unless substantial Bitcoin payments are made within twenty four hours.
A Distributed Denial of Service (DDoS) attack is an attempt to make a networked service unavailable by overwhelming it with traffic from multiple sources.
Barry Brailey, Chair of the New Zealand Internet Task Force (NZITF), warns the threat should be taken extremely seriously as the networks of some New Zealand organisations have been targeted, and a number of Australian organisations have also been affected.
Brailey says the group has been sending emails to a number of addresses within an organisation. Sometimes these are support or helpdesk addresses, other times they are directed at individuals.
The emails contain links to news articles relating to their attacks, and include statements like:
“Your site is going under attack unless you pay 25 Bitcoin.”
“We are aware that you probably don’t have 25 BTC at the moment, so we are giving you 24 hours.”
“IMPORTANT: You don’t even have to reply. Just pay 25 BTC to – we will know it’s you and you will never hear from us again.”
25 Bitcoins equates to around $7,500.00 – making this a little more serious that the normal round of Bitcoin threats.
NZITF recommends that organisations that are targeted should not pay. “Even if this stops a current attack, it makes your organisation a likely target for future exploitation as you have a history of making payments,” it says.
blueAPACHE recommends that you educate all staff to be on the lookout for any emails matching the descriptions highlighted. If you receive such a message, contact your service provider as soon as possible to put processes in place to mitigate the damage a DDOS can occur. blueAPACHE clients should contact their account manager or the blueAPACHE Service Centre immediately.
For more information, contact your blueAPACHE account manager.