Radware Warns Financial Sector of Possible Cyberattacks

06.05.2016 01:00 pm


According to insight from Radware’s Emergency Response Team (ERT), the number of DDoS for Ransom attempts worldwide grew significantly during the last week. Most worrying, the ERT has discovered that many of the letters used to request the ransom are fake, yet companies are falling for the scam.

Radware is warning the financial sector to take caution when assessing the legitimacy of a threat, and to consider seeking expert advice to help decipher the threat level to their business.  

Daniel Smith, one of Radware’s leading researchers and a former hacker, explains: “Distributed Denial of Service (DDoS) for Ransom attacks work by running a ‘sample’ attack on a company network while at the same time sending a note asking for payment, usually in bitcoin, by a certain date ‘or else’ they will hit the company with a much larger and more devastating attack. When companies pay up, the hackers take advantage of the situation by returning to extort again. It’s a simple game of squeezing more money once they know they have your attention.

“The most prolific DDoS groups – Lizard Squad, Armada Collective and DD4BC – have been caught and numerous arrests have been made over the past 12 months. After the last wave of these arrests in December, the global ransom landscape quietened down.

“But last week we saw an exponential rise in the number of DDoS for ransom letters being sent. The first wave of these letters promised an attack by a certain date if bitcoin was not paid.  However, after that deadline passed, no attacks took place.  We then saw a second wave of these ‘fake’ ransom notes going out to a new round of unsuspecting companies.  When examining these notes, we quickly saw a clear difference between the legitimate and the fake ransom notes.

“The latter are being sent by opportunists who claim to be from groups like Lizard Squad, but actually have no official links, or intention of running an attack. They are hoping that their victim will pay up out of fear.”

Radware’s ERT team is concerned that companies will be lulled into a false sense of security with this flood of fake ransom notes. Daniel adds: “It’s only a matter of time before we see a new group attempting to launch a DDoS for Ransom campaign. There’s therefore no guarantee that next time the company will be so lucky as to escape a full-blown attack. And of course, if that does happen, untold damage could be done to a company’s network and reputation.”

Radware has issued a guide to spotting a fake ransom letter and information on how to deal with a ransom attack generally.

How to detect a fake:

  • Fake hackers request different amounts of money. Armada Collective normally requests 20 bitcoin. Other campaigns have been asking for amounts above and below this amount. Low bitcoin ransom letters are most likely from fake groups hoping their price point is low enough for someone to pay rather than seek professional assistance.
  • Real hackers prove their competence by running a small attack while delivering a ransom note. If you can see a change in your network activity then it’s probably genuine.
  • The fake hackers don’t link you to a website, or have official accounts, a good sign they are not organised.
  • Real hackers tend to attack many companies in a single sector. Fake hackers target anyone and everyone.
  • There are subtle differences between a real and a fake ransom note as can be seen in this alert here: https://security.radware.com/ddos-threats-attacks/threat-advisories-attack-reports/ransom-attacks/

How to manage a suspected attack:

  • Bottom line, whether you think it is real or not, seek expert advice on how to safeguard your network
  • Enlist the help of a security specialist who can intervene and protect your network before any damage is done
  • Educate employees to check email spam filters regularly so genuine ransom notes are not missed
  • Consider employing or consulting with an ex-hacker who can help you spot the trends. If you are uneasy about the risk then work with a partner who is employing the skills of ex-hackers.

Companies can stay on top of the latest information and attacks happening around the world by visiting Radware's Threat Advisories and Reports website or by downloading the Radware app from the Apple Store.
