The social networking site Meetup.com has become the victim of a DDoS-for-ransom attack in this period. The incident began on 27 February when Meetup’s CEO received an email claiming that a competitor had asked them to perform a DDoS attack, asking for $300 to stop it. When Meetup declined to pay the fee, intermittent outages ensued, lasting until 3 March. Initial reports suggest that the incident involved a Network Time Protocol (NTP) attack of around 8GB per second.
The likely prevalence of NTP DDoS attacks was assessed in our report of 20 February, though this incident appears to be considerably smaller and less professional than the prior attack. Notably, the paltry size of the ransom – which was presumably sufficient to cover the perpetrator’s cost and provide some profit – demonstrates the low cost of mounting an attack capable of disrupting a site with around 17 million members. Greater awareness of NTP and the potentially more disruptive Simple Network Management Protocol technique will reduce opportunities for attackers in the long run, with efforts to reduce the number of vulnerable servers that are available to amplify attacks having made some progress. However, their continued accessibility in the near future is likely to ensure DDoS attacks retain their significance for a range of operators, who are assessed to be seeking targets who will be most vulnerable to such incidents.