Know your Enemy: How to Deal with Cyber Extortion

Sponsored by Link11

Experts from Link11, Police Crime Prevention Initiatives (PCPI) and Berkeley Rowe International Lawyers, dive deep into the cyber threats that plague businesses and discuss how we can fight back from a technical and legal viewpoint

There has been a noticeable rise in the number of DDoS attacks this year with groups such Fancy Bear, Lazarus Group or Fancy Lazarus all targeting UK companies. Perhaps even more significant is the number of unreported cases, which is estimated to be even higher with a large portion of affected organisations failing to file a report with police.

As a result of the rising threat of DDoS attacks, Link11 set out to educate businesses about the dangers of DDoS attacks, giving them the tools and explaining the measures that they can take to protect themselves. In September, they hosted a webinar to explore the significant rise in DDoS attacks against UK companies since the start of 2021. The webinar was carried out in partnership with the Police Crime Prevention Initiative (PCPI) and Berkley Rowe International Lawyers. You can find the recording of the webinar here or the main points in the following summary.

 

 

Fancy Bear & Fancy Lazarus and the impact to businesses when hit with a DDoS attack

Joss Penfold, Regional Director UK & Ireland, Link11, began the session with an explanation of what a DDoS attacks is, and how extortion campaigns are becoming a more significant threat in the DDoS vector, with 33% more attacks in 2020 than 2021. With more devices being connected to the internet, attackers can target devices over a far larger IP range. This makes it more difficult to identify where an attack is coming from, which is where the name Distributed Denial of Services (DDoS) comes from.

Mr Penfold went on to talk about how DDoS aligns with extortion campaigns. The software to carry out these attacks is available relatively cheaply on the dark web. Perpetrators will mainly attack businesses that rely heavily on their online offering and drive revenue through connected sources, or store data sensitive information on their servers. They will then identify weaknesses in the online security set up and target those vulnerabilities to run test attacks on an IP address. This is likely to have some effect on that IP address, causing latency and perhaps even a total outage. They then let you know about an incoming larger attack and extort you for money to prevent that attack.

Mr Penfold went on to discuss more specific groups of attackers with organisations such as Fancy Bear and Fancy Lazarus who have been more prolific over the last two years. These groups more recent attacks have been specifically targeted to organisations that are more likely to make payments. Mr Penfold concluded by reminding the audience that the important thing to do is to never pay the ransom and pre-empting attacks with cyber protection is also important to mitigate risks.

security

The challenge of policing cybercrime in an ever-changing online landscape

Simon Newman, Head of Cyber and Business Services at PCPI, took the virtual stage next and spoke about how the PCPI is working to reduce and police DDoS attacks. He noted that underreporting of these crimes is still a big issue, especially when relating to cybercrime, as only 1.7% of cybercrime is reported to the police. This is despite the fact cybercrime is on the rise with an 85% increase since 2019.

This means that the police are only seeing the tip of the iceberg in terms of criminal activity online. However, it is important that the police know as much as possible about crimes being committed. Police rely heavily on the information that they receive from victims to be able to properly tackle the issues facing the public but the lack of reporting leaves them often playing catch up. These issues are now beginning to be tackled by governments across the world to address the challenges faced by law enforcement such as resources, complexity of the issue, jurisdiction and the age of the offender which often means they’re too young to be prosecuted in criminal court.

 

The possible implications businesses face following a successful attack

In the final session of the afternoon Leonard Scudder, Partner at Berkeley Rowe International Lawyers, started by reaffirming Simon’s perspective on the challenges associated with prosecuting minors and identifying suspects from a legal standpoint, which means there is little to deter them from committing further crimes in the future.

Leonard then went on to make the distinction between cyber-dependent crimes such as phishing, and cyber-enabled crimes involving the misuse of personal information. He further analysed the differences between unauthorised access through hacking and disruptive attacks, under which DDoS attacks fall under.

While large breaches are highly publicised, Leonard pointed out it is often the smaller players that are the most heavily affected. Despite this, only 14% of businesses targeted by DDoS attacks had taken any measures to prevent it from happening. Most attacks end up costing businesses £150,000 which for a small business could be fatal.

Leonard emphasises that the best way to prevent these kinds of attacks is proper training for staff to stop them from making the errors that allow attacks to infiltrate a business. Other prevention methods are to properly fund security and tech and to have dedicated teams to tackle cybercrime.

The rising threat of DDoS attacks is something that businesses can no longer ignore. Doing so leaves them open to attacks that are potentially fatal to them as a business. By implementing proper training and investing in cyber resilience technology they are able to keep their assets safe and avoid large scale disruption to their business.