{"id":14931,"date":"2014-02-20T16:45:36","date_gmt":"2014-02-20T16:45:36","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=1489"},"modified":"2020-02-27T03:40:10","modified_gmt":"2020-02-26T16:40:10","slug":"weird-cyberattacks-accidental-targets-and-collateral-damage","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/weird-cyberattacks-accidental-targets-and-collateral-damage\/14931\/","title":{"rendered":"&#8216;Weird&#8217; cyberattacks: accidental targets and collateral damage"},"content":{"rendered":"<p>There is a lot of talk these days about cybercriminals growing shrewder. They are less interested in getting notoriety for crashing a number of websites or launching large-scale mail worm epidemics. Instead, they would now rather look for opportunities to make money. More and more targeted attacks have been detected recently, i.e. criminals know who they attacked and why. According to the recently published <a href=\"http:\/\/media.kaspersky.com\/en\/business-security\/kaspersky-threat-landscape-it-online-security-guide.pdf\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Lab\u2019s survey \u201cThe Threat Landscape<\/a>\u201c, these types of attacks will prevail.<\/p>\n<p>Sometimes, however, beside these thought out and well prepared targeted attacks, odd incidents happen in which the choice of targets seems ridiculous and unexpected \u2013 at first glance.<\/p>\n<div class=\"pullquote\">Apparently rational reason is not a prerequisite for a cyberattack anymore: just an ability to launch it is.<\/div>\n<p>For instance, the so-called Syrian Electronic Army <a href=\"https:\/\/business.kaspersky.com\/security-incidents-digest-aug-18-sep-18\/\" target=\"_blank\" rel=\"noopener nofollow\">hacked<\/a> BlenderArtists.com, a large forum for users of the popular 3D modeling freeware Blender. They also hacked the official twitter account of The Onion, a famous satirical website. Previously the SEA hacked the twitter accounts of the Associated Press and Reuters. Therefore, The Onion attack looked as though they had picked the wrong target that time. The BlenderArtists hack looked even stranger: these forums have absolutely nothing to do with international affairs and politics.<\/p>\n<p>It seems that the SEA had their reasons to do what they did though, as every resource they hacked was used to promote their cause by either defacing it, placing their propaganda on it or setting a redirect towards their own sites. Although <a href=\"http:\/\/www.forbes.com\/sites\/lewisdvorkin\/2014\/02\/18\/inside-forbes-after-a-digital-attack-a-story-of-recovery-and-what-it-means\/\" target=\"_blank\" rel=\"noopener nofollow\">their last victim, Forbes, encountered a direct ransom attempt<\/a>: hackers demanded money for them to stop their attacks.<\/p>\n<p>Similarly DDoS attacks against online game servers may appear illogical, too. Paid multiplayer online games, both subscription-based and \u2018free-to-play\u2019, where players can (or rather have to) purchase some in-game items or additional content, clearly attract the attention of cybercriminals who see them as yet another opportunity to get other people\u2019s money. But the DDoS attack is a mere attempt to stall an entire service. For instance, huge attacks of that kind were directed against the League of Legends online game as well as Electronic Arts\u2019 EA.com and Blizzard\u2019s Battle.net services. But why?<\/p>\n<p>It appears those attacks had their reasons, too, although they may seem just as crazy. A hacking group DERP DDoS\u2019ed servers of the games played by someone under the alias Phantoml0rd, a \u2018professional streamer\u2019 who runs a very popular online video channel at Twitch.tv, streaming his own gaming process in several games. His channel has over 350,000 subscribers, and that means that he must have some very good advertising profit. It is unknown what grudges he had with DERP (who claim to be a \u2018trolling\u2019 group), but it is clear that all the havoc they wreaked was simply to target a single person. All the rest were merely <i>collateral damage<\/i>.<\/p>\n<p>Here is an interesting detail: it\u2019s DERP that used the notorious \u2018new\u2019 method of amplifying DDoS-attacks with NTP traffic that <a href=\"https:\/\/business.kaspersky.com\/ddos-attacks-with-ntp-amplification-and-their-risk-for-business\/\" target=\"_blank\" rel=\"noopener nofollow\">we have recently described<\/a>.<\/p>\n<p>The examples listed above show that rational reasons are not really a prerequisite for a cyberattack anymore: simply having the ability to launch it is, accompanied with some weaknesses in a target. The human factor is certainly present here: the Syrian Electronic Army started most of their raids with successful phishing and spearphishing attacks.<\/p>\n<p>Even popular resources have been attacked, as shown in the examples above; the point is that these are hyped stories. A lot of less prominent attacks have occurred in the background day in day out, and all companies need to be constantly ready to deal with them \u2013 <a href=\"https:\/\/business.kaspersky.com\/the-threat-landscape-2014-protecting-the-perimeter\/\" target=\"_blank\" rel=\"noopener nofollow\">as ready as possible<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There is a lot of talk these days about cybercriminals growing shrewder. They are less interested in getting notoriety for crashing a number of websites or launching large-scale mail worm<\/p>\n","protected":false},"author":209,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,2994],"tags":[2071,2072],"class_list":{"0":"post-14931","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-business","7":"category-smb","8":"tag-cyberattacks","9":"tag-ddos-attacks"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/weird-cyberattacks-accidental-targets-and-collateral-damage\/14931\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/weird-cyberattacks-accidental-targets-and-collateral-damage\/14931\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/weird-cyberattacks-accidental-targets-and-collateral-damage\/14931\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/cyberattacks\/","name":"cyberattacks"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/14931","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=14931"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/14931\/revisions"}],"predecessor-version":[{"id":26238,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/14931\/revisions\/26238"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=14931"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=14931"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=14931"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}