13 August 2015
Guernsey Police is encouraging businesses that rely on maintaining internet access to check they have appropriate levels of cyber security, following an attempt by a criminal group to target firms locally.
The attempts, while unsuccessful, were made by a group of highly sophisticated cyber criminals and highlighted that Bailiwick companies must be prepared for this type of attack.
For the purposes of background, during the last 12-18 months an organisation calling itself DD4BC has been targeting various companies - ranging from online casinos to banks - with 'distributed denial of service' attacks (DDoS).
DD4BC has been increasing both the frequency and scope of its DDoS extortion attempts, shifting targets from bitcoin exchanges to online casinos and betting shops and, most recently, to prominent financial institutions across the United States, Europe, Asia, Australia, and New Zealand.
The group blackmails companies by demanding bitcoin payments to avoid their central services being subjected to DDoS attacks.
If an attack of this nature is successful, it could bring down vital business services. Cutting off certain businesses from the internet can lead to significant disruption, loss of business and money.
DD4BC emailed an extortion notice to several local firms, followed by an active demonstration of their capabilities.
Regarding the demonstration, DD4BC says in the email: 'Don't worry, it will not be hard and will stop in 1 hour. It's just to prove that we are serious.'
The group asks for 30 bitcoin, with a threat that the price goes up if the company does not pay within 24 hours.
While none of the attempts - all made during the last six weeks - have been successful, the instances highlighted the importance of Bailiwick companies being prepared. We would recommend that any local firm reliant on maintaining internet access employs anti-DDoS technology.
We would also encourage any company that believes it is being targeted to alert both their service provider and Guernsey Police.
More information can be found on this link: https://heimdalsecurity.com/blog/security-alert-dd4bc-targets-companies-with-complex-ddos-attacks/
The States of Guernsey has just launched two online surveys (one for individuals and another for companies) to help government better understand the current cyber threat. The survey can be found at www.gov.gg/cybersecuritysurvey
Issued by Joel de Woolfson, Communications Manager for Law Enforcement, telephone number 719451