July 17, 2017
"For the Hospitality sector, IATA [International Air Transport Association] has already started an initiative to enforce payment security standards on all of its members," Fong said, adding that this was another proactive sign that international associations are starting to understand both the urgency and magnitude of cyber fraud and cyber attacks. "IATA travel agents are now required to strengthen their information security, which means they also need to look for countermeasures to fend off cyber fraud and cyber attacks."
Speaking to Computerworld Malaysia, computer forensics investigator and expert witness Krishna Rajagopal agreed. "The Ransom-DDOS attacks were obviously done by someone who either has done a lot of research or someone who has local intelligence. This was not your average foreign attacker."
Ransom DDOS not new
However, the ransom variation on DDOS is not new. "Ransom DDOS has been on the increase for the last several years. In fact, a research survey done last year by Corero states that 80 percent of IT security professionals surveyed believe that their organisation will be threatened with a DDoS ransom attack in the next 12 months."
"In fact, extortion is an old trick and it's resurfacing with a vengeance with DDOS and ransom combined - cyber extortion," said Rajagopal. "In fact, last month a South Korean web hosting company - Nayana - even paid US$1 million as a ransom for a Ransom DDOS attack."
"As to whether it was DD4BC, Armada Collective, Lizard Squad, or just some fraudsters pretending to be one of them to camouflage their activities is something that needs more thorough investigation," explained Rajagopal, who is chief executive of Akati Consulting. "Our initial findings were that there was a strong element of local influence in this series of Ransom DDOS attacks."
Cyber threat intelligence consultant Azril Rahim told Computerworld Malaysia (10 July 2017) that he too has been monitoring the Armada Collective for some time. "The most successful attack was in Nov 2015 against Switzerland's ProtonMail. They managed to take down the system for 15 mins and also finally received their bitcoin ransom money after the second attack. However, the second attack was subsequently found not to have come from the Armada Collective, but turned out to have been an 'unknown, sponsored' targeted attack."
That DDOS attack seemed to have been a smokescreen for a larger stealth attack, said Azril, adding that threat intelligence consultants should consider this modus operandi, in addition to the normal information security parameters, when formulating policies, so that top management can see beyond the normal information security perimeter.