DDoS attacks are growing in size and number over the years. The sophistication level of these attacks has increased to such an extent that they have brought organizations to their knees. While there has been a significant rise in ransom-related DDoS (RDDoS) attacks in 2020, the trend continues to take a new shape as we settle into 2021. 

Evolution of DDoS extortion trend 

  • According to a new finding, threat actors behind a DDoS campaign have been found targeting the same set of victims that failed to pay the ransom. 
  • These victims were first hit by the gang in August or September 2020. However, when they failed to pay the initial ransom demand, they were sent additional ransom extortion emails in December 2020 and January. 
  • These victims were sent the second set of threatening messages after being hit with a DDoS attack that exceeded 200Gbps.  
  • This new change in tactic indicates that DDoS extortion is here to stay for a long time as the perseverance level of DDoS attackers to extort the targeted organizations increases.

New attack vectors facilitate more DDoS attacks

  • Cybercriminals behind DDoS campaigns are also beefing up their attacks with new attack vectors.
  • One of the attack vectors includes the abuse of Windows RDP systems. Researchers revealed that systems with RDP services enabled on UDP port 3389/TCP 3389 could be abused to launch UDP reflection/amplification attacks.
  • The other attack vector involves the exploitation of Plex Media servers. Over 27,000 Plex Media SSDP (PMSSDP) reflectors and amplifiers have been identified that can be abused to amplify DDoS attacks.

New botnet adds fuel to the flame

  • A new variant of the Mirai botnet, Matryosh, has been discovered in the wild that targets Android devices to facilitate DDoS attacks.  
  • The botnet scans Android Debug Bridge (ADB) interfaces that are vulnerable on TCP port 5555.  


DDoS attacks are increasing in popularity because they are relatively simple to carry out, even for low-level cybercriminals. Rather than having to rely on ransomware or other malware, DDoS attackers merely threaten their victims with the prospect of DDoS if the payment isn’t received by a deadline. While these types of attacks are not a new phenomenon for many online industries, attackers have recently set their sights on organizations across a wider variety of sectors, including financial services, government, and telecommunications.   

Cyware Publisher