Given all the editorial space devoted to ransomware over the past couple of years, you might be forgiven for thinking that other cyber security threats have gone away. While it’s true that organised criminals have focussed attention and resources on ransomware attacks, as these have proven to be the most profitable, it’s far from the whole picture. Viewed through the lens of extortion – and that’s what ransomware is – it’s easy to see the looming presence of other threats.
Take distributed denial of service (DDoS), for example. DDoS attacks have become part and parcel of many ransomware ones, courtesy of the more advanced ransomware groups providing their affiliates with the ability to execute them directly from the “dashboard” software they have access to. In a ransomware attack, DDoS is used as just another twist of the leverage knife to “encourage” victims to pay up quickly.
Adding insult to injury
Outside of ransomware, DDoS attacks have continued as a standalone method of either causing corporate pain (for hacktivism purposes, petty revenge, or even competitive advantage) or good old-fashioned extortion. These attacks are being facilitated, for the most part, by the growth in the subleasing of botnet-driven “stressers” in a DDoS-for-hire scenario. Criminals, with offerings marketed and sold through dark web marketplaces and sometimes in plain sight on the web itself, will rent access to their botnets of malware-infested zombie devices at a given rate; a surprisingly low rate at that.
The truth about ransomware
An attack on an unprotected site letting loose 10-50K requests per second will cost as little as $50 for the day, according to the 2021 Dark Web Price Index published by Privacy Affairs. A premium protected site, upping the attack rate slightly and including multiple “elite” proxies, comes in at just $200 a day. Obviously, there’s a huge variation in both rental costs and attack quality, for want of a better phrase, and sustained high-rate attacks against large corporations can command many thousands of dollars an hour.
The point is DDoS attacks have become increasingly accessible to would-be attackers. And all of that is without considering criminal groups with access to botnets of their own that have the capability to launch a devastating attack.
RELATED RESOURCE
Outlook 2022: Five priorities for boards, management & governance professionals
What’s driving the future of governance
Towards the end of last year, several VoIP operators were cripped with outages as a result of ransomware attacks, including Voipfone UK which fell victim at the end of October. A service update announcement from the company called this an “extortion-based DDoS attack from overseas criminals”.
It’s likely these incidents are linked, which was essentially confirmed by the Comms Council UK (formerly known as ITSPA) whose chair, Eli Katz, released a statement. “Several Comms Council UK members and international IP-based communications service providers have been subjected to Distributed Denial of Service (DDoS) attacks over the past four weeks which appear to be part of a coordinated extortion-focused international campaign by professional cyber criminal,” he said. “We are liaising closely with the UK Government, National Cyber Security Centre, Ofcom and international agencies to share information and details about the nature of the attacks in the expectation of halting this criminal activity as quickly as possible.”
Mitigating the worst effects
These attacks, which had been occurring for some months, have been cautiously attributed to REvil, a criminal organisation renowned for its devastating ransomware attacks. According to my sources, the extortion demands have been in the region of one Bitcoin – so that’s anywhere between £40,000 and £50,000 depending on wind direction. Not a bad chunk of change, but certainly a lot less than your average successful ransomware attack can command. Political and law-enforcement pressure might just be causing a shift in focus for some gangs looking to continue making money while escaping some of that heat.
Here’s what Brian Higgins, a security specialist at Comparitech, had to say. “The VoIP service providers currently under attack have clearly taken the best approach by informing and liaising with the relevant authorities, whilst it may take some time to resolve the issue, their customers should be patient and observant, follow any advice provided, and be confident that this approach will make the sector a much less attractive target in the future.” Which probably comes as cold comfort to those impacted, of course.
There is some impact mitigation for some organisations, in that they will already have a fallback in place by employing two different providers. Not that I’m suggesting that VOIP services are prone to failure (well, okay, maybe I am, at least as far as proper implementation of least-cost routing is concerned). The point, however, is that fail-safes should be seen as a given if your company relies on any given service for business continuity, and telephony is no different.
The VoIP providers, meanwhile, like any other organisation, should consider the best moves to mitigate future attacks using dedicated services that monitor, in real-time, network traffic to identify and respond to DDoS traffic in whatever form it takes. Most often this would be by “scrubbing”, which diverts the attack traffic, on-demand, to a centre that removes the bad stuff and reroutes “clean” traffic back where it belongs. These services don’t come cheap, especially if an attack is high-volume and long-lasting, but neither does falling victim and your business being taken offline for hours, or days, at a time. The attackers know this and that’s why, for now, DDoS is a threat you can’t afford to ignore.
-
LaunchDarkly to "double down" on observability with Highlight acquisitionNews Highlight's observability tools will be integrated into LaunchDarkly's Guarded Releases software deployment service
-
Samsung Galaxy Tab S10 FE reviewReviews The Tab S10 FE retains the feel and core capabilities of Samsung's high-end S10 tablets, but compromises on the display and the performance
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reportedNews Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the lastNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Healthcare systems are rife with exploits — and ransomware gangs have noticedNews Nearly nine-in-ten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
-
Alleged LockBit developer extradited to the USNews A Russian-Israeli man has been extradited to the US amid accusations of being a key LockBit ransomware developer.
-
February was the worst month on record for ransomware attacks – and one threat group had a field day
News February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender.
-
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impactedNews The Medusa ransomware as a Service operation compromised twice as many organizations at the start of 2025 compared to 2024
-
Warning issued over prolific 'Ghost' ransomware groupNews The Ghost ransomware group is known to act fast and exploit vulnerabilities in public-facing appliances
