Overview

It appears that the new syndicate of the Armada Collective referred to as the Phantom Squad is planning to launch a global DDoS attack on September 30th.  Below you will find a screenshot of the mass spear-phishing email that has been distributed to many organization and companies around the world. They are currently asking for $720 or .2 in bitcoin from the entity to prevent the possibility of becoming a potential victim to the reported DDoS attack.

The Phantom Squad made headlines back in 2015 as being associated with various successful denial-of-service attacks to include Xbox live, Sony PlayStation, and Steam.  However, some cyber security professionals in the industry claim that this is an empty threat that is only a means to potentially illegally acquire money or bitcoin.  Additionally, the email that is being sent to many companies around the world demanding small amounts of money may possibly be a single individual claiming to be affiliated with a once successful illegal organization for the possibility of financial gain.

Targeted Industries

Several thousand emails have gone out to many different organizations, companies, and industries; but, for the majority the industries fall into:

  • Education
  • Industrial
  • Finance
  • Manufacturing & Production

Attack Vectors

The primary DDoS attack type and protocols associated with DDoS attacks are indicated below. The following protocols were successfully used in previous attacks and are currently on the radar as potentially being used by the Phantom Squad to assist in their upcoming DDoS attack.

DDoS Attack Types:

  • SYN Flood
  • TCP SYN
  • SYN ACK
  • TCP RST

Protocols:

  • NTP
  • UDP
  • DNS
  • ICMP
  • SSDP
  • SSYN

Protective Measures

Currently the main recommendation from various security professionals in the industry are stating that if a company or organization received such an email claiming to be from the Phantom Squad they should not give into the ransom demands. However, multiple security solutions exist within the same security realm to include NSFOCUS’s ADS-M solution to help mitigate such denial-of-service attacks.

Today’s DDoS attacks are more frequent, complex, and destructive than ever. They often result in loss of revenue, loss of customers, damage to brand, reduced availability of services, and theft of vital data. The NSFOCUS ADS (Anti-DDoS System) provides comprehensive, multi-layered protection from today’s advanced DDoS threats.

The ADS includes technology powered by internationally-recognized research labs and developed with over 10 years of experience protecting the world’s largest banks, telecommunications, gaming, and social media companies. It uses an innovative, multi-stage approach to monitor, detect, and mitigate the most complex DDoS attacks. This ensures only legitimate traffic reaches important network and application resources, protecting uptime and managing risks associated with DDoS.

Leave a Reply

Your email address will not be published. Required fields are marked *