Security pros see increase in Meetup-like DDoS extortion

Meetup, which faced a massive DDoS attack after refusing to pay ransom, is just the latest of a rising number of attacks aimed at extorting money from websites, security experts say.

[7 essentials for defending against DDoS attacks]

Meetup Chief Executive Scott Heiferman reported over the weekend that the social network had to contend with a “massive attack on our servers” that started Thursday and knocked the company offline for about 24 hours. A subsequent attack on Sunday also took the service down temporarily.

The attack started after Meetup refused to pay $300 to the attackers. While the amount wasn’t much, the company did the right thing by refusing to pay the extortionists, DDoS experts say.

The amount was low probably because the attackers wanted to see if the company would pay. If they did, then the attackers would have come back asking for more money, typically around $10,000.

“Giving into their demands might make the pain go away in the short term, but the long term results aren’t worth it as the price always goes up,” Dan Holden, director of security research at Arbor Networks, said.

Some DDoS attackers have used extortion for sometime, mostly against online businesses. “Extortion DDoS attacks are becoming more and more common, which correlates with the rise of DDoS attacks we’ve seen in the last six months,” Xenophon Giannis, chief operating officer of Black Lotus, said.

Online businesses, particularly gambling sites, are typically targeted, because they are more likely to pay to avoid having their businesses taken down. The attacks typically originate from botnets rented on the dark Web.

Besides extortion DDoS, some attackers will target a competitor in order to knock it offline during a big event. This is common among sports betting sites, Giannis said.

“A sports betting site may see a windfall of customers by DDoS attacking its competing market leader right before March Madness,” he said.

To avoid the damages from a DDoS attack, CSOs should prepare in advance with plans on how to redirect bogus traffic when it occurs. Waiting until the attack can result in delays in getting the site back up, depending on where it is hosted and how long it takes the Internet service provider to clear the traffic.

[Meetup struggles under weight of a massive DDoS attack]

“Take these attacks that are happening against other companies seriously and think about how you can architect your infrastructure to counter (DDoS assaults), so you don’t lose revenue,” Hans Cathcart, senior enterprise security architect for Akamai, said.