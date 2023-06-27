

Below: A suspected administrator of a dark web narcotics platform is extradited, and the British citizen behind a 2020 celebrity bitcoin scam is jailed. First:

DDoS attacks get more crafty, show signs of upswing

On a Friday evening earlier this month, Microsoft revealed that a distributed denial-of-service (DDoS) attack caused outages for Outlook email and other elements of its software suite.

DDoS, which involves flooding a target with fake traffic, has often been thought of as a nuisance by cyber experts. It’s looked down upon because it’s an older kind of attack requiring little technical ability — with services that enable DDoS attacks even purchasable over the dark web for hundreds of dollars.

But the Microsoft incident served as a reminder that DDoS attacks can do much more harm, even if they don’t tend to involve any data theft. And it came during a time when DDoS is surging, showing signs of increasing sophistication and being aimed against new kinds of targets.

“In the world of cybersecurity threats, it’s sort of the equivalent of a cave man with a club,” Matthew Prince, CEO and co-founder of the security firm Cloudflare, told me. “It’s not particularly sophisticated, but can obviously do a lot of damage. … What we have seen is that the clubs continue to get bigger, and the cave men have gone from knocking down your website, which is embarrassing but may not be all that harmful, to now going after what can be much more critical.” (Cloudflare provides DDoS protection and mitigation services to websites.)

How it’s evolved

DDoS attacks have always demonstrated potential for doing damage that isn’t trivial. In 2016, for instance, a DDoS attack hit a tech company that provided online services to a number of other companies, leading to a day of sporadic outages for Netflix, Twitter, media outlet websites and many other sites among the world’s most popular.

Surprisingly, after some early DDoS attacks on Ukraine in the buildup to the war with Russia, the number of attacks dropped for most of last year — but it’s been on an upswing since the tail end of 2022, Prince said.

Two suspected Russian-connected groups, Killnet and Anonymous Sudan — the latter of which claimed credit for the Microsoft attack, and which Microsoft acknowledged — have driven a lot of the upswing, experts said.

Anonymous Sudan apparently has nothing to do with Sudan nor the hacktivist group Anonymous, and its links to Killnet are murky, the cybersecurity firm Flashpoint wrote in a blog post last week.

DDoS attacks against companies providing services to Ukraine-allied governments are a “scary” trend, Mark Dehus, director of threat intelligence for Lumen Black Lotus Labs, told me.

After the 2016 incident, DDoS attacks didn’t really evolve, Dehus said. That changed recently.

“Over the past year and a half or so, it’s being weaponized and being used as part of more active campaigns,” he said. “Whether it’s actually the Russian government funding or a bunch of people supporting Russia, that’s concerning.”

The increase in attacks on Europe has been a source of alarm as well. A report earlier this year, jointly produced by Akamai and the Financial Services Information Sharing and Analysis Center, found that the volume of DDoS attacks targeting financial institutions last year increased by 22 percent, but the number increased by 73 percent for financial institutions in Europe.

Akamai also recently contributed to a report by AT&T Cybersecurity that offered some insight on the perception of DDoS. “It was interesting that last year DDoS was low on the concern, and this year it’s high on the concern,” Steve Winterfeld, advisory chief information security officer at Akamai, told me. “But then when you go back and look at where people plan to spend money, it doesn’t correlate back to the perception of the threat.”

Some companies have also observed an increase in the use of different subcategories of DDoS attacks, and in the sophistication of them.

The harm and the help

The economic damage of a DDoS attack can be hard to measure. The attack on Microsoft surely affected productivity at companies around the world, when, for instance, workers couldn’t access their email. “Unfortunately, we have nothing to share at this time” on the cost of the attack on Microsoft, said Jeff Jones, senior director of communications at the company.

A betting website that goes down during the Super Bowl could suffer enormous economic losses, Dehus said. Sometimes attackers use DDoS threats for extortion, Winterfeld said, another trend on the rise — basically, the attackers say, if you don’t want us to take down your website, you better pay.

Voice-over IP company Bandwidth said in 2021 that a DDoS attack it experienced would end up costing the firm between $9 million and $12 million, citing “missed transaction volumes and customer credits.” Some customers left the service after the incident, its CEO said.

The Justice Department has announced at least two major actions against DDoS services in the past seven months, including one in May. The Cybersecurity and Infrastructure Security Agency, along with the FBI and the Multi-State Information Sharing and Analysis Center, offered a guide last fall to defending against them.

“These attacks can cost an organization time and money and may impose reputational costs while resources and services are inaccessible,” it said.

The keys

Suspect charged, extradited to U.S. for running dark web drug site Monopoly Market

Austrian authorities extradited an individual to the United States who was charged with allegedly running the dark web drug exchange website Monopoly Market, Bill Toulas reports for Bleeping Computer.

“According to a U.S. Department of Justice announcement, the suspect, Milomir Desnica, is charged with facilitating $18 million in illegal drug transactions through his website,” Toulas writes. Desnica is a Croatian and Serbian citizen, according to the Justice Department.

The grand jury indictment charging Desnica includes a count of conspiring to launder monetary instruments and another count of conspiring to distribute methamphetamine.

Monopoly Market was launched in 2019 as a narcotics marketplace. Each registered vendor was vetted by Desnica to verify that they were selling the illegal substances they claimed to have, the Justice Department alleges.

The FBI proved the validity of the site by secretly placing orders on the market, the report says.

“In December 2021, U.S. investigators seized Monopoly Market's hosting server with the help of cyber police forces in Germany and Finland,” Toulas adds.

An international law enforcement effort last month cracked down on nearly 290 Monopoly vendors, seizing nearly $56 million worth of cash and cryptocurrency.

House delegation to visit European nations this week, discuss cybersecurity strategies

A delegation of House members led by House Homeland cybersecurity subcommittee chairman Andrew R. Garbarino (R-N.Y.) will visit several European countries this week to discuss cybersecurity strategy approaches and collaborating with the United States to defend against cyberthreats, a committee spokesperson confirmed to The Cybersecurity 202.

Garbarino will be joined by Homeland Appropriations subcommittee chair Dave Joyce (R-Ohio), as well as Reps. Eric Swalwell (D-Calif.) and Rob Menendez (D-N.J.) to chat with country leaders on the subject matter.

A spokesperson said the delegation will visit three countries throughout Europe but was unable to discuss specific nations being visited for security reasons.

U.S. cyber officials have often collaborated with international partners on issuing statements over pending cyberthreats. The United States and E.U. for years have also held dialogues over cybersecurity collaboration and approaches.

British national behind 2020 celebrity bitcoin scam jailed in U.S.

U.K. citizen Joseph O’Connor, who admitted to hacking charges after hackers tricked Twitter employees into giving them access to administrator tools at the site that allowed them to take over celebrities’ accounts to carry out a bitcoin scam, has been sentenced to five years of jail time, the BBC reports.

O’Connor “hijacked more than 130 accounts in July 2020, including those of Barack Obama, Joe Biden and Elon Musk,” the BBC writes. “The 24-year-old pleaded guilty to hacking charges last month.”

“O’Connor, who went by the alias PlugwalkJoe, was extradited from Spain to the US in April and last month pleaded guilty to hacking charges that carried a total maximum sentence of more than 70 years,” the BBC writes.

“Three other men have been charged over the scam, with US teenager Graham Clark pleading guilty to his part in the deception in 2021,” the outlet reports.

O’Connor also admitted to committing other cybercrimes, including “gaining access to a high-profile TikTok account and stalking a minor,” the BBC writes.

Daybook

The Atlantic Council holds an event on U.S. tech competition with China at 10 a.m.

CISA Director Jen Easterly speaks at Tel Aviv University’s Cyber Week in Israel tomorrow at around 2 a.m.

