For the last year or so, an individual or organization calling itself DD4BC (‘DDoS for Bitcoin’) has been rapidly increasing both the frequency and scope of its DDoS extortion attempts, shifting target demographics from Bitcoin exchanges to online casinos and betting shops and, most recently, to prominent financial institutions (banks, trading platforms and payment acquirers) across the United States, Europe, Asia, Australia, and New Zealand. Other verticals receiving extortion threats include ISPs and publishers, all of which suggests that the attacker is diversifying attempts to generate funds.
Last week, ASERT provided Arbor customers with Situational Threat Brief 2015-04 DD4BC DDoS Extortion Threat Activity. This threat intelligence report profiles at least thirty-seven distinct attacks and/or attack campaigns launched by the DD4BC actor(s) between early 2014 and late May 2014. It includes sample extortion emails, related Bitcoin-based financial transactions, and references to several resources on how to easily mitigate attacks by this actor or by copycat attackers. The TTPs and contextual awareness provided by this brief will be useful to anyone seeking broader or deeper insights into DD4BC.