In a Facebook post on August 8, Ukrposhta said it had normalized the situation by 5pm on August 7, the first day of attacks. The attacks resumed the following day, at which point Ukrposhta said its site and services were working, though slowly and with interruptions.
Imperva director of marketing Igal Zeifman told eSecurity Planet by email that it’s not unusual to see these types of repeat attacks. “Recently, such tactics had become more common due to their ability to disrupt some security measures and cause fatigue to the people in charge of the attack mitigation, forcing them to stay alert even in the quiet time between attacks,” he said.
“In the first quarter of the year, we saw the number of such repeat assaults reach an all-time high, with over 74 percent of DDoS targets attacked at least twice in the span of that quarter,” Zeifman added.
This isn’t the first time Ukrposhta has been hit hard by cyber attacks. Interfax reports that just a few weeks ago, in its report for the first half of 2017, Ukrposhta said its network was heavily impacted by the NotPetya attacks in late June.
Kaspersky Lab recently released its Q2 2017 DDoS Intelligence Report, which notes that the quarter saw a 277-hour (more than 11 days) DDoS attack, 131 percent longer than the longest DDoS attack in Q1 2017 and a record for the year.
DDoS attacks hit 86 countries, up from 72 countries in Q1 2017. The top 10 most affected countries were China, South Korea, the U.S., Hong Kong, the U.K., Russia, Italy, the Netherlands, Canada and France. Over 58 percent of all attacks were aimed at targets in China.
The number of attacks per day ranged from 131 on April 17 to 904 on April 13. Mondays were the quietest day for DDoS attacks, and Sundays were the busiest.
The Ransom DDoS Trend
Kaspersky also noted an increase in Ransom DDoS, or RDoS, attacks, with the attackers demanding a ransom of between five and 200 bitcoins to stop a DDoS attack. The demand is sometimes accompanied by a short-term DDoS attack, though some ransom demands are made with no accompanying attack.
“Nowadays, it’s not just experienced teams of hi-tech cybercriminals that can be Ransom DDoS attackers,” Kaspersky Lab head of DDoS protection Kirill Ilganaev said in a statement. “Any fraudster who doesn’t even have the technical knowledge or skill to organize a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion.”
“These people are mostly picking unsavvy companies that don’t protect their resources from DDoS in any way and therefore can be easily convinced to pay ransom with a simple demonstration,” Ilganaev added.
The damage from paying a ransom, Ilganaev said, can expand far beyond the cost of the ransom itself. The company can get a reputation as a “payer” within criminal networks, provoking more attacks and ransom demands.