Statistically, on the last Friday of November ordinary people begin buying New Year gifts in bulk. In the USA, for example, approximately 70% of adults make purchases on this day, which retailers call a “black” day because of the huge profits (being “in the black”, in accounting terms).
Unfortunately, these statistics are known not only to retailers but also to cyber fraudsters, who are traditionally just as active at this time of year.
Because of the increased risk, the German Federal Office for Information Security (BSI) raised its threat level to “yellow” on the eve of 11/26/2021 (press release). According to experts, DDoS attacks of record size are expected in the coming days.
It should be noted that DDoS attacks are often accompanied by the following phenomena:
- extortion under the guise of “DDoS protection”;
- phishing that directs users to fake sites without EV SSL certificates (phishing is easier while the original sites are down under DDoS).
The dangerous period starts on Black Friday, 11/26, and continues until the New Year, including Cyber Monday on 11/29 and the pre-Christmas and Christmas sales.
This year several new records were set in DDoS attacks on infrastructure:
- An attack on the Microsoft Azure cloud broke the record for peak traffic: 2.4 Tbit/s. As the attack vector the attackers chose reflection and amplification over UDP-based protocols, using about 70,000 sources, mainly in Southeast Asia. The attack lasted over ten minutes, in very short bursts, each reaching terabit volumes within a few seconds. Three peaks were observed in total: the first at 2.4 Tbit/s, the second at 0.55 Tbit/s and the third at 1.7 Tbit/s.
- The attack on Yandex used the Meris botnet, which set a new record for request rate: almost 21.8 million requests per second. The Meris botnet consists mainly of home routers from the Latvian manufacturer MikroTik.
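The Azure attack above is a UDP reflection/amplification flood: the attacker spoofs the victim's address in small requests to thousands of open UDP services, and their much larger replies converge on the victim. What a defender sees at the network edge is service replies (source port 123, 11211, 389, and so on) arriving from many distinct hosts at once. The following detector is an added example, not code from the article or from Microsoft; it assumes flow records already exported from a router or collector as (timestamp_seconds, src_ip, src_port, dst_ip, dst_port, proto, bytes) tuples, and the records in SAMPLE_FLOWS are constructed.

```python
"""Flag likely UDP reflection/amplification floods in flow records.

Added example, not from the article. Flow records are assumed to be
(timestamp_seconds, src_ip, src_port, dst_ip, dst_port, proto, bytes)
tuples; SAMPLE_FLOWS is constructed.
"""
from collections import defaultdict

# UDP services commonly abused as reflectors; the source port of the
# reflected reply identifies the service.
REFLECTOR_PORTS = {
    19: "chargen", 53: "dns", 123: "ntp", 161: "snmp",
    389: "cldap", 1900: "ssdp", 11211: "memcached",
}


def detect_udp_reflection(flows, min_sources=3, min_bits_per_s=1_000_000):
    """Return {dst_ip: summary} for destinations receiving UDP traffic from
    at least `min_sources` distinct reflector hosts at a rate of at least
    `min_bits_per_s` over the observed window. Many distinct reflectors
    sending service replies to one victim is the signature of a reflection
    attack; a single busy NTP client never trips the source threshold."""
    per_dst = defaultdict(lambda: {"sources": set(), "services": set(),
                                   "bytes": 0, "t_min": None, "t_max": None})
    for ts, src_ip, src_port, dst_ip, _dst_port, proto, nbytes in flows:
        if proto != "udp" or src_port not in REFLECTOR_PORTS:
            continue
        d = per_dst[dst_ip]
        d["sources"].add(src_ip)
        d["services"].add(REFLECTOR_PORTS[src_port])
        d["bytes"] += nbytes
        d["t_min"] = ts if d["t_min"] is None else min(d["t_min"], ts)
        d["t_max"] = ts if d["t_max"] is None else max(d["t_max"], ts)

    findings = {}
    for dst_ip, d in per_dst.items():
        window = max(d["t_max"] - d["t_min"], 1)   # seconds; avoids /0
        bps = d["bytes"] * 8 / window
        if len(d["sources"]) >= min_sources and bps >= min_bits_per_s:
            findings[dst_ip] = {"distinct_sources": len(d["sources"]),
                                "services": sorted(d["services"]),
                                "bits_per_s": bps}
    return findings


# Constructed sample: five reflectors hit 203.0.113.10 over 4 seconds;
# 203.0.113.20 receives one ordinary NTP reply and serves HTTPS.
SAMPLE_FLOWS = [
    (0, "198.51.100.1", 123, "203.0.113.10", 40000, "udp", 600_000),
    (1, "198.51.100.2", 123, "203.0.113.10", 40000, "udp", 600_000),
    (2, "198.51.100.3", 11211, "203.0.113.10", 40000, "udp", 1_200_000),
    (3, "198.51.100.4", 389, "203.0.113.10", 40000, "udp", 400_000),
    (4, "198.51.100.5", 1900, "203.0.113.10", 40000, "udp", 200_000),
    (2, "198.51.100.9", 123, "203.0.113.20", 40001, "udp", 90),
    (3, "203.0.113.20", 443, "198.51.100.9", 51000, "tcp", 15_000),
]

if __name__ == "__main__":
    for dst, info in detect_udp_reflection(SAMPLE_FLOWS).items():
        print(f"{dst}: {info['distinct_sources']} reflectors "
              f"({', '.join(info['services'])}), "
              f"{info['bits_per_s'] / 1e6:.1f} Mbit/s")
```

On real exports the thresholds need tuning to the link: the point of the source-count condition is that volume alone is ambiguous (a large backup over UDP looks like a flood), whereas replies from dozens of unrelated reflector hosts converging on one address are not.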
Alarming changes are seen in other metrics as well. For example, a record number of variants of XorDDoS, a Linux trojan that targets Docker containers, were found.
The XorDDoS botnet was used for large-scale DDoS attacks several years ago.
It is no secret that DDoS attacks and protection against them are often offered by the same companies.
The number of DDoS extortion incidents continues to grow steadily, and they increasingly come into the public eye. Recently, telecommunications companies and VoIP providers have become victims of DDoS ransom demands.
On the eve of the Christmas sales it becomes especially profitable to DDoS online stores, for which the cost of downtime rises sharply. A significant increase in crime, especially DDoS extortion, is now expected.
Recommendations for companies:
- Prepare an action plan in advance for DDoS extortion attempts.
- Do not respond to demands for money for “DDoS protection”.
- BSI recommends its list of 12 qualified DDoS protection providers, which includes Cloudflare and Akamai.
- As a preventive measure against XorDDoS, disable Telnet and protect SSH with at least a strong password, or better an SSH key. To counter brute-force attempts, you can use fail2ban.
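The last recommendation is easy to state and easy to get wrong: a `PasswordAuthentication no` line appended to the end of sshd_config does nothing if an earlier line already set the keyword, because sshd takes the first value it sees. The script below is an added example, not from the article or from OpenSSH; it audits the effective settings of an sshd_config and checks an `ss -tln` listing for a Telnet listener. The config text and the socket listing are constructed samples.

```python
"""Audit sshd_config and a listening-socket listing for the exposures the
XorDDoS recommendation targets: Telnet listening, and SSH password login
open to brute force.

Added example, not from the article. SAMPLE_SSHD_CONFIG and SAMPLE_SS are
constructed.
"""

# keyword (lower-cased) -> (risky value, recommendation)
WEAK_SETTINGS = {
    "passwordauthentication": ("yes", "set PasswordAuthentication no and use keys"),
    "permitrootlogin": ("yes", "set PermitRootLogin no (or prohibit-password)"),
    "permitemptypasswords": ("yes", "set PermitEmptyPasswords no"),
}
# OpenSSH documented defaults, used when the keyword is absent
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "permitemptypasswords": "no",
}


def parse_sshd_config(text):
    """Return {keyword: value}. sshd uses the FIRST occurrence of a keyword,
    so a hardening line appended at the end of the file has no effect if an
    earlier line already set it. Lines inside Match blocks are skipped: they
    apply only conditionally."""
    values = {}
    in_match = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        line = line.replace("=", " ", 1)      # "Key=value" form is allowed
        parts = line.split(None, 1)
        key = parts[0].lower()
        val = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True
            continue
        if in_match:
            continue
        values.setdefault(key, val)
    return values


def audit_sshd(values):
    """Return a list of findings for risky effective settings."""
    findings = []
    for key, (risky, advice) in WEAK_SETTINGS.items():
        current = values.get(key, DEFAULTS[key])
        if current == risky:
            findings.append(f"{key}={current}: {advice}")
    return findings


def telnet_listeners(ss_output):
    """Return local addresses from `ss -tln` output that listen on TCP/23."""
    found = []
    for line in ss_output.splitlines()[1:]:          # skip the header
        cols = line.split()
        if len(cols) >= 4 and cols[3].rsplit(":", 1)[-1] == "23":
            found.append(cols[3])
    return found


SAMPLE_SSHD_CONFIG = """\
# constructed sample: the late "no" line never takes effect
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
"""

SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      5      0.0.0.0:23          0.0.0.0:*
LISTEN 0      511    [::]:443            [::]:*
"""

if __name__ == "__main__":
    for finding in audit_sshd(parse_sshd_config(SAMPLE_SSHD_CONFIG)):
        print("sshd:", finding)
    for addr in telnet_listeners(SAMPLE_SS):
        print("telnet listening on", addr)
```

Run it against the real files with `parse_sshd_config(open("/etc/ssh/sshd_config").read())` and the output of `ss -tln`. For the fail2ban part, a minimal `jail.local` with an `[sshd]` section and `enabled = true`, `maxretry = 5`, `bantime = 1h` is enough to ban the repeated-login sources this trojan family relies on; `fail2ban-client status sshd` then shows what has been banned.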
Users are encouraged to check that the online store they visit has an SSL certificate (the fake sites mentioned above lack EV certificates), to avoid falling victim to phishing.
Scammers set up sites that look like a real online store and promote them through spam in instant messengers and by e-mail. So when clicking such a link you need to double-check the URL, otherwise the money goes to the criminals.
To help prevent this, browsers have recently displayed a “not secure” warning on all sites without SSL certificates.
One of the abandoned Russian sites without an SSL certificate
That may be acceptable for a free library, but it is hardly suitable for an online store, which will lose some of its customers.
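The two user-side checks above (is the URL really the store's, and is the connection HTTPS) can be written down as a small function, which is how a helpdesk or a mail gateway would apply them mechanically. This is an added example, not from the article; the expected shop host `shop.example` and the sample URLs are constructed, and the host check is deliberately strict: only the expected domain or a subdomain of it passes, so a real name used as a prefix of an unrelated domain is rejected.

```python
"""Sanity-check a shop link before entering payment details.

Added example, not from the article; shop.example and the sample URLs
are constructed.
"""
from urllib.parse import urlsplit


def check_shop_url(url, expected_host):
    """Return reasons the URL should not be trusted as `expected_host`.
    An empty list means: HTTPS, and the host is the expected domain or a
    subdomain of it."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    expected_host = expected_host.lower()

    # the article's point: no SSL means the browser shows "not secure"
    if parts.scheme != "https":
        reasons.append("not https (browser would show 'not secure')")

    # exact domain or a subdomain of it; "shop.example.login-verify.test"
    # ends with ".test", not ".shop.example", and is rejected
    if host != expected_host and not host.endswith("." + expected_host):
        reasons.append(f"host {host!r} is not {expected_host!r} or a subdomain of it")
        brand = expected_host.split(".")[0]
        if brand in host:
            reasons.append("real shop name used as a decoy inside an unrelated host")

    # internationalized labels can hide look-alike characters
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label in host: check for look-alike characters")
    return reasons


if __name__ == "__main__":
    for link in ("https://shop.example/cart",
                 "http://shop.example.login-verify.test/",
                 "https://xn--shp-7ka.example/"):
        print(link, "->", check_shop_url(link, "shop.example") or "ok")
```

The function only looks at the URL string; it does not fetch anything, so it is safe to run on links taken straight out of a spam message.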