Security pros see increase in Meetup-like DDoS extortion

Meetup, which faced a massive DDoS attack after refusing to pay ransom, is just the latest of a rising number of attacks aimed at extorting money from websites, security experts say.

Meetup Chief Executive Scott Heiferman reported over the weekend that the social network had to contend with a "massive attack on our servers" that started Thursday and knocked the company offline for about 24 hours. A subsequent attack on Sunday also took the service down temporarily.

The attack started after Meetup refused to pay $300 to the attackers. While the amount wasn't much, the company did the right thing by refusing to pay the extortionists, DDoS experts say.

The amount was low probably because the attackers wanted to see if the company would pay. If they did, then the attackers would have come back asking for more money, typically around $10,000.

"Giving into their demands might make the pain go away in the short term, but the long term results aren't worth it as the price always goes up," Dan Holden, director of security research at Arbor Networks, said.

Some DDoS attackers have used extortion for sometime, mostly against online businesses. "Extortion DDoS attacks are becoming more and more common, which correlates with the rise of DDoS attacks we've seen in the last six months," Xenophon Giannis, chief operating officer of Black Lotus, said.

Online businesses, particularly gambling sites, are typically targeted, because they are more likely to pay to avoid having their businesses taken down. The attacks typically originate from botnets rented on the dark Web.

Besides extortion DDoS, some attackers will target a competitor in order to knock it offline during a big event. This is common among sports betting sites, Giannis said.

"A sports betting site may see a windfall of customers by DDoS attacking its competing market leader right before March Madness," he said.

To avoid the damages from a DDoS attack, CSOs should prepare in advance with plans on how to redirect bogus traffic when it occurs. Waiting until the attack can result in delays in getting the site back up, depending on where it is hosted and how long it takes the Internet service provider to clear the traffic.

"Take these attacks that are happening against other companies seriously and think about how you can architect your infrastructure to counter (DDoS assaults), so you don't lose revenue," Hans Cathcart, senior enterprise security architect for Akamai, said.

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about Akamai TechnologiesArbor NetworksArbor NetworksHolden- General MotorsScott Corporation

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts