最有看点的互联网金融门户

最有看点的互联网金融门户
区块链国际资讯

英国主要金融机构遭受比特币勒索集团集中敲诈

据报道,自去年以来,包括劳埃德银行、英国航空航天系统公司在内的多家英国大型公司和组织都受到了来自比特币勒索集团DD4BC的分布式拒绝服务袭击。阿卡迈公司发布的网络安全案例研究显示,自今年4月份开始,发生在该公司客户身上的DD4BC敲诈行为就有114起,单是今年6月份,就发生了41起,而在今年1月份和2月份仅仅发生了5起。

阿卡迈公司安全部的主管斯图尔特·施柯尔在一次新闻发布会上表示,“最近一次网络袭击,主要是针对金融服务业,采用了许多新的战略战术,旨在公开骚扰、敲诈受害者并最终使受害者感到困窘。”

据阿卡迈公司介绍,DD4BC敲诈集团的目标中58%是金融机构。DD4BC敲诈集团一开始会随机发送敲诈邮件,声明的敲诈金额往往为1到100比特币(约合160英镑至16,000英镑)不等,邮件中还会说明上缴比特币的最后期限,并说明这只是一个“小型的公开袭击”的警告。一旦受害者表示不合作,他们就会提高金额,并向受害者发出更有力度的威胁。这种方法在勒索金融机构时特别有效,因为DD4BC敲诈集团威胁说要公开勒索,损坏金融机构的名誉,削弱他们的可信度。

阿卡迈公司的报告还显示,DD4BC诈骗集团正在使用这种在分布性拒绝服务的雇佣市场发现的典型脚本化勒索方式,并且主要利用三种方式进行攻击:NTP(网络时间协议)灾害、SSDP(简单服务发现协议)灾害以及UDP(网络用户数据协议)灾害。目前最大的袭击强度大约是56.2Gbps。阿卡迈公司提出警告,各种山寨债片集团也有可能会加入这场混战。幸运的是,因为DD4BC诈骗集团已经将目标转移至企业水平的组织,执法部门似乎终于开始提起注意。英国国家犯罪局上周就成为黑客组织Lizard Squad的分布式拒绝服务的目标,英国国家犯罪局表示它已经“注意到”该组织的活动。

很多公司都按敲诈集团DD4BC的要求去做了。但是此前一名受害者还尝试了一种不同的方法,给组织提供了一大笔金额高达100比特币(合16,000英镑)的奖金,希望有人可以找到到底谁是幕后真凶的细节。Bitman是一家大型的比特币存储设备制造商,它被勒索了10比特币。截止到目前,虽然有许多潜在人选,但是这笔奖金还没人认领。

A number of large UK corporations and institutions, such as Lloyds Bank and BAE systems, have reported a “marked increase” in Distributed Denial of Service (DDoS) attacks from the Bitcoin extortionist group DD4BC, which has been operational since last year. The increased aggressions appears concurrent with reports from other organisations. A cybersecurity case study released by Akamai identified 114 DD4BC attacks against the company’s customers since April 2015, with 41 cases taking place in June alone. In comparison, there were only 5 attacks in January and February 2015.

"The latest attacks—focused primarily on the financial service industry—involved new strategies and tactics intended to harass, extort and ultimately embarrass the victim publicly,” said Akamai Security Division executive Stuart Scholly in a press release.

58% of DD4BC's targets are financial institutions, according to Akamai. The group begins with ransom emails that state their demands, which vary anywhere between 1 and 100 bitcoins (about £160 to £16,000), a deadline for compliance, and warning of a “small, demonstrative attack.” Should the victim prove uncooperative, the figure is raised and a more forceful show of force is made. This technique is particularly effective against financial institutions as DD4BC threatens to publicise their attacks, negating the institution's reputation and trustworthiness.

Akamai reports that DD4BC—which stands for "DDoS for Bitcoin"—has been observed utilising the typical scripted attacks found on the DDoS-for-hire market, and have mainly made use of three attack types: NTP floods, SSDP floods, and UDP floods. The largest attack so far was measured at around 56.2Gbps. The company warns that copycats may enter the fray. Fortunately, in part because DD4BC has begun to target enterprise-level organisations, law enforcement agencies appear to have finally taken notice. The UK’s National Crime Agency, which itself was target of a Lizard Squad DDoS last week, informed Bloomberg that it was “aware” of the group’s activities.

A number of businesses have complied with DD4BC's demands, but one former victim tried a different tack, placing a bounty of 100 bitcoins (~£16,000) on the group in the hope that someone might come forward with details of who's behind the attacks. Bitman, a large Bitcoin mining equipment manufacturer, then added 10 Bitcoins to this figure. So far, despite a number of potential leads, the bounty hasn't been claimed.


用微信扫描可以分享至好友和朋友圈

扫描二维码或搜索微信号“iweiyangx”
关注未央网官方微信公众号,获取互联网金融领域前沿资讯。

发表评论

发表评论

您的评论提交后会进行审核,审核通过的留言会展示在下方留言区域,请耐心等待。

评论

您的个人信息不会被公开,请放心填写! 标记为的是必填项

取消

杨玉颖未央青年

68
总文章数

翻译硕士在读,CATTI笔译二级,带着觉知,用心翻译。

期货上线首日熔断两次,比特币能被驯服吗?

蔡凯龙 13小时前

比特币期货合约即将面世 七个要点值得关注

晓燕 | 汇通网 20小时前

比特币的1973

评论尸 20小时前

比特币圈里圈外的博弈

郑一真 | 经济观察报 20小时前

2017年最后悔的事,可能是没有重仓比特币

薛洪言 | 苏宁金融研... 1天前

版权所有 © 清华大学五道口金融学院互联网金融实验室 | 京ICP备17044750号-1