DDoS attacks are gaining a cryptocurrency edge
Attackers are embedding ransom notes seeking cryptocurrencies in DDoS traffic.
Akamai is well known for running a content distribution network used by some of the largest data companies in the world. Chances are, if you're streaming a movie or downloading lots of data from a major repository, then Akamai is involved in making that happen. Their servers hold and distribute massive volumes of data. Part of the reason they are widely used is that they have a strong security team that constantly tracks and works to stay ahead of parties that seek to disrupt our access to information.
Over the last week or so, the company has been tracking some of the largest distributed denial of service (DDoS) attacks ever seen. Often, DDoS attacks are threatened, or are stopped only when a ransom is paid.
When examining the traffic that is being used to flood sites during DDoS attacks, Akamai has found code that asks the affected party to pay 50 Monero (XMR) to a wallet address they've also included.
There are a couple of things that make this special. The threat actors are asking for payment in cryptocurrencies. While that's been common in ransomware attacks, it's a relatively new development when it comes to DDoS attacks. And the ransom note, which used to be delivered separately, is now embedded in the traffic that is being sent to the sites that are under attack. Typically, the traffic that is directed during a DDoS attack is considered "junk", but now it seems the bad guys are taking the opportunity to use the traffic to deliver messages.
Another research company, Cybereason, says the ransom note is repeated many times to create a 1MB file that is then sent over and over again using an army of remotely controlled, compromised servers.
It's not known whether the ransom demands have netted the attackers any rewards.
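For defenders triaging captured flood traffic, the repeated note described above can be recovered by finding the shortest repeating unit of a payload and checking it for a demand. The following is an added example, not code from Akamai or Cybereason; the note wording, the placeholder address and the two regular expressions are assumptions, and it goes slightly beyond the article by also handling a payload whose last copy of the note is cut off.

```python
import re

# Assumed formats (not given in the article): an amount followed by "XMR" or
# "Monero", and a 95-character base58 Monero address starting with 4 or 8.
DEMAND_RE = re.compile(r"(\d+(?:\.\d+)?)\s*(?:XMR|Monero)", re.I)
ADDRESS_RE = re.compile(r"\b[48][1-9A-HJ-NP-Za-km-z]{94}\b")

def smallest_period(data: bytes) -> int:
    """Shortest p with data[i] == data[i + p] for every valid i (KMP border table)."""
    n = len(data)
    if n == 0:
        return 0
    border = [0] * n
    k = 0
    for i in range(1, n):
        while k and data[i] != data[k]:
            k = border[k - 1]
        if data[i] == data[k]:
            k += 1
        border[i] = k
    return n - border[-1]

def analyze_payload(payload: bytes, min_repeats: int = 10):
    """Return the repeated unit's details, or None if the payload is not repetitive."""
    period = smallest_period(payload)
    if period == 0 or len(payload) // period < min_repeats:
        return None
    unit = payload[:period].decode("ascii", "replace")
    demand = DEMAND_RE.search(unit)
    address = ADDRESS_RE.search(unit)
    return {
        "period": period,
        "repeats": len(payload) // period,
        "amount": demand.group(1) if demand else None,
        "address": address.group(0) if address else None,
    }

# Constructed sample: placeholder address and note text, truncated mid-note.
SAMPLE_ADDRESS = "4" + ("NotARea1Addr" * 8)[:94]
SAMPLE_NOTE = f"Pay 50 XMR to {SAMPLE_ADDRESS}\n".encode()
SAMPLE_PAYLOAD = (SAMPLE_NOTE * 2000)[:200_000]

if __name__ == "__main__":
    print(analyze_payload(SAMPLE_PAYLOAD))
```

A payload that repeats but contains no demand still returns a result with `amount` and `address` set to `None`, which separates ordinary padding from an embedded note.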
Why do criminals like Monero?
Last week, we reported on cryptojacking and how criminals favour Monero in those endeavours. As the calculations required to mine Monero can be completed using a general purpose processor, rather than a GPU (which is better for mining bitcoin), it's easier for bad actors to attack systems and access CPUs rather than GPUs.
Also, Monero transactions aren't displayed publicly like other cryptocurrency transactions, so the transfer of coins is harder to see.
These factors give malicious parties reasons to favour Monero.