‘Weird’ cyberattacks: accidental targets and collateral damage

There is a lot of talk these days about cybercriminals growing shrewder. They are less interested in gaining notoriety by crashing a number of websites or launching large-scale mail worm epidemics. Instead, they would now rather look for opportunities to make money. More and more targeted attacks have been detected recently, i.e. attacks in which the criminals know whom they are attacking and why. According to Kaspersky Lab’s recently published survey “The Threat Landscape”, these types of attacks will prevail.

Sometimes, however, alongside these well-thought-out and well-prepared targeted attacks, odd incidents happen in which the choice of targets seems ridiculous and unexpected – at first glance.

Apparently, a rational reason is no longer a prerequisite for a cyberattack: just the ability to launch one is.

For instance, the so-called Syrian Electronic Army hacked BlenderArtists.com, a large forum for users of the popular 3D modeling freeware Blender. They also hacked the official Twitter account of The Onion, a famous satirical website. Previously the SEA had hacked the Twitter accounts of the Associated Press and Reuters. Therefore, The Onion attack looked as though they had picked the wrong target that time. The BlenderArtists hack looked even stranger: these forums have absolutely nothing to do with international affairs and politics.

It seems that the SEA had their reasons for what they did, though, as every resource they hacked was used to promote their cause, whether by defacing it, placing their propaganda on it or setting up a redirect to their own sites. Their last victim, Forbes, however, encountered a direct ransom attempt: the hackers demanded money to stop their attacks.

Similarly, DDoS attacks against online game servers may appear illogical, too. Paid multiplayer online games, both subscription-based and ‘free-to-play’, where players can (or rather have to) purchase in-game items or additional content, clearly attract the attention of cybercriminals who see them as yet another opportunity to get other people’s money. But a DDoS attack is merely an attempt to stall an entire service. For instance, huge attacks of that kind were directed against the League of Legends online game as well as Electronic Arts’ EA.com and Blizzard’s Battle.net services. But why?

It appears those attacks had their reasons, too, although they may seem just as crazy. A hacking group called DERP DDoS’ed the servers of the games played by someone under the alias Phantoml0rd, a ‘professional streamer’ who runs a very popular online video channel at Twitch.tv, streaming his own gameplay in several games. His channel has over 350,000 subscribers, which means that he must be making a very good profit from advertising. It is unknown what grudges he had with DERP (who claim to be a ‘trolling’ group), but it is clear that all the havoc they wreaked was simply to target a single person. All the rest were merely collateral damage.

Here is an interesting detail: it was DERP that used the notorious ‘new’ method of amplifying DDoS attacks with NTP traffic that we recently described.

The examples listed above show that rational reasons are not really a prerequisite for a cyberattack anymore: simply having the ability to launch it is, along with some weaknesses in a target. The human factor is certainly present here: the Syrian Electronic Army started most of their raids with successful phishing and spearphishing attacks.

Even popular resources have been attacked, as shown in the examples above; the point is that these are the hyped stories. A lot of less prominent attacks occur in the background day in, day out, and all companies need to be constantly ready to deal with them – as ready as possible.