ASD warning: DDoS extortion attacks threaten Aussie banks

The attack claims so far seem empty, but the threats mirror actual attacks that have been carried out elsewhere

Ransomware
Kaptnali / Getty Images

The Australian Signals Directorate (ASD)'s Australian Cyber Security Centre (ACSC) issued a threat alert on Tuesday because attackers were threatening to knock Australian banking and finance firms offline unless a ransom was paid.

For now, it appears the DDoS threats are empty, suggesting it could be part of a phishing campaign or a scam. According to ACSC, the threats are purported to have come from a group that calls itself Silence Hacking Crew, though ACSC says it hasn’t verified the claim. The attackers send an email to a recipient at the target company threatening to knock out its online services unless the victim pays up on the Monero cryptocurrency.

“The ACSC cannot positively verify the legitimacy of any threats made by the actor. However, the ACSC has received no reports of the threats eventuating in DoS and is aware of a number of DoS threats made in the past against Australian organisations that did not eventuate,” the ACSC said. Nonetheless, ASCS still recommended that potential targets prepare for DDoS attacks by blocking, move some online services to a CDN, using multiple major cloud service providers, or purchasing a DDoS protection service. 

Silence Hacking Crew has been linked to recent attacks on banks in Africa, but there it used different techniques. According to security firm Kaspersky, Silence is a sophisticated Russian hacking group. The Africa attacks began with phishing emails to bank staff that contain malware, as opposed to the threat of a DDoS attack. The ultimate goal of the malware attacks was to cash out funds at ATMs by compromising internal banking networks rather than extort victims for Monero. 

The ACSC ransom alert comes as Australian logistics and delivery firm Toll Group continues its recovery effort after data on some of its IT systems were encrypted by the Mailto ransomware on January 31. Some Toll Group online systems have been partially restored, but the company hasn’t announced a full recovery yet, some 25 days after it opted to take key systems offline.

Copyright © 2020 IDG Communications, Inc.

The 10 most powerful cybersecurity companies