Hackers are blackmailing banks with threats of DDoS attacks

Hackers are threatening banks and other financial institutions with Distributed Denial of Service (DDoS) attacks if they don’t pay them tens of thousands of dollars, according to various reports

More than 100 companies were threatened, according to MarketWatch, which cited a Federal Bureau of Investigation (FBI) agent.

Among the companies being targeted were big banks and brokerages in the financial sector.

A DDoS attack is when a hacker floods a website with traffic, forcing it offline. It is usually done with the help of multiple compromised systems, which are often infected with a Trojan.

Richard Jacobs, assistant special agency in charge of the cyber branch at the FBI’s New York office, told MarketWatch these threats have been coming in since April.

He added that in some cases, the companies have paid up. These companies end up facing further trouble as hackers know that they are willing to engage.

“There are some groups who typically will go away if you don’t pay them, but there’s no guarantee that’s going to happen,” Jacobs says. He says not all targets have experienced actual attacks.

Companies are willing to pay large sums of money, as DDoS attacks could see them lose even more. A DDoS attack could see a company lose more than $100,000 an hour, according to Neustar, a Sterling, Va.-based information services and analytics company.

Jacobs says the FBI does not advise or direct firms as to whether or not to pay the attackers or let their websites go down.

“How important is that access to that website to your business? They have to make their own calls,” Jacobs says. “If you’re a discount broker and that’s the only way your customers can trade, that would be a concern. If it’s just a website that’s used for general news and information, maybe it’s not so difficult to have it down for an hour or two.”

Yaroslav Rosomakho, Principal Consulting Engineer EMEA at Arbor Networks commented: “The fact hackers are planning on taking down websites with DDoS attacks unless organisations pay large sums of money is testament that hackers are becoming increasingly ruthless. Hackers’ activities against internet services of financial institutions are on the rise, since these services are an absolutely critical part of daily business.

"Hackers realise that DDoS can be as disruptive as other more traditional attack methods and, unfortunately, still many organisations do not pay enough care to availability protection of their services and infrastructure.

“Our research shows that DDoS attacks are continuing to grow in size, complexity and frequency with nearly half of businesses experiencing DDoS attacks last year. As attack size increases, so does the complexity of the hacker’s toolkit.

"To ensure protection from these threats, organisations must have multi-layered DDoS protection in place, using both cloud and network-perimeter components to protect from stealthy application layer, state exhaustion and large volumetric attacks."