Going After Nontraditional Targets
Sophisticated DDoS actors are increasingly going after infrastructure that is less likely to have resiliency, such as an application server, file server, network-attached storage array or virtual server farm, said Matt Radolec, head of Varonis’ Incident Response team. By going after the hypervisor rather than just a couple of servers, adversaries can hold a victim’s entire backup infrastructure hostage, Radolec said.
Application servers will by design allow connections in and out, while virtual server farms have traditionally been seen as a piece of infrastructure rather than an attack point, Radolec said. If an entire virtual server farm is being held hostage following a ransomware attack, Radolec said the victim is much more likely to pay the ransom.
Similarly, organizations that aren’t sure whether or not they can bring their application server up safely on their own have a higher sense of urgency to pay to avoid that scenario, according to Radolec. More than 70 percent of DDoS attacks, though, are focused on data, with adversaries encrypting data, stealing it and threatening to post it online unless they receive a ransom payment, Radolec said.