
The Skiddies are Playing Dress-up

Script kiddies (skiddies) are often the butt of jokes from security professionals and seasoned hackers alike, but they may have finally found a way to become a real threat: not necessarily an information security risk, like traditional hackers, but a financial risk.


When security professionals hear names like “Lizard Squad”, “Anonymous”, or “The Armada Collective”, thoughts of significant risk immediately come to mind. Most major players in the hacking community carry out their attacks and take credit afterwards; however, some put out threats and request ransoms prior to their attacks. Armada Collective made a name for themselves doing this, as well as a decent amount of money.

In programming and hacking culture, a script kiddie or skiddie is an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites.

Over the past year, a number of attackers have sent threats to major organizations while pretending to be members of these groups, demanding a ransom payment in order to avoid a distributed denial of service (DDoS) attack. Their hope is that by sending ransom demands to a large number of organizations, even if some see through the ruse, they will still bring in a fair amount of money from those who do not realize the senders are not who they claim to be.

In many cases, skiddies will request a ransom that is a reasonable sum of money, one that most organizations are willing to part with without thinking too much about it. Often, though, the claims made by the attackers do not fall in line with the standard techniques of the groups they claim to be. For instance, when the Armada Collective carried out an attack, they would launch a small DDoS attack prior to sending their ransom demand, but those we have seen imitating Armada Collective have only sent the ransom demand without attacking first.

In situations like these, it is important to look closely at the ransom, who the ransomer claims to be, the way the ransom demand is being made, what types of organizations are typically targeted, and the events surrounding the threat before determining the risk level or making a decision regarding paying the ransom.