
Cyber Tales: Defending Against DDoS Attacks

BOXX Client Profile: Maeve Goode
President of Goode Atlantic

How BOXX’s vCISO helped combat a scary attack on a company’s systems.

Places, industries, and names have been changed to preserve client privacy.

Goode Atlantic is a 4th-generation, Nova Scotia family-owned-and-operated company. They’re an online distributor of plumbing and HVAC supplies. With 150 employees, Goode Atlantic has multiple locations across the Maritimes.

Maeve’s great-grandfather, Dermot Goode, was an apprentice plumber when he left Cork, Ireland, for Halifax in 1890. Within five years, he opened his own plumbing and radiator shop on Hollis Street and moved his wife and twin boys into the apartment above the shop. Over the next 20 years the family built up a successful business that expanded into commercial supply. The business has stayed in the family with Maeve succeeding her father as president of Goode Atlantic in 2013. Over the last decade, Maeve has overseen the addition of online direct ordering for customers and commercial clients.

Shortly after logging on to her work computer, Goode Atlantic’s president, Maeve Goode, noticed the company website was lagging. It was Monday morning. Everything was slow. Her commute through one of Halifax’s predictably unexpected spring snowstorms had been eternal. Her fingers were taking forever to warm up. She wasn’t surprised the website was loading pages at a snail’s pace. Probably a case of the updates, she thought to herself.

She decided to reboot and make a cup of coffee while her laptop did its thing. But when Maeve returned to her desk, she was surprised to find the website wouldn’t load at all. She decided to email Goode’s IT Manager, Luc Surette, about it. That’s when she saw an email in her inbox with the subject line “Request: DDoS Attack on Goode Atlantic”. It had to be spam, Maeve thought. However, when she read, “This is not a hoax. Goode Atlantic has been selected for our next DDoS attack,” her heart sank. The senders claimed to have found a vulnerability, and the email went on to demand $20,000 in bitcoin for instructions on how they were causing the DDoS attack on the company website and how to stop it. The email closed with, “If you don’t pay, we will completely destroy your reputation and make sure services remain offline until you pay.”

Then the phone calls started. All Goode Atlantic branch managers had received the same email. No one could access the website. No online payments could be processed. No clients could request services. And what about their customers’ private information? Were clients’ payment details safe? Maeve couldn’t answer their questions, but she hoped Luc could. And within a few minutes, he was able to confirm that the company was indeed the target of a Distributed Denial of Service or “DDoS” attack. Luc identified that the cyber gang was exploiting an SQL injection to bring down the website, but he couldn’t figure out how they were doing it.

Cyber insurance: the best business decision

In response, the IT team set up a firewall using Microsoft’s Azure to try to block the attack. But as late afternoon closed in, it became clear the fix wasn’t working. To make matters worse, the hackers continued to email hourly, growing more demanding and threatening to completely disable the company’s network.

Maeve was worried about the loss of sales, but she was more concerned about damage to the reputation of her family’s business. At this point, she was furious with the cyberbullies.

“My great grandfather had a reputation for never backing down. There was no way I was going to let a gang of thugs compromise what he’d built. With every email they sent me, the more I resolved to shut them down. I knew we needed help, so I had Luc contact our cyber insurance providers and I sat in on the call.”

Luc was in over his head. At first, he was worried about Maeve’s response. Didn’t she trust him? But as the hours wore on and the threats increased, he knew he had to put his self-interest aside. He also cared about Goode Atlantic. He grew up in Halifax and remembered going with his mom to pick up a shiny new faucet after she’d renovated their little kitchen the year after his dad died. He knew their Cyberboxx Business plan from BOXX included cyberattack response services, but he didn’t expect to speak directly to their Virtual Chief Information Security Officer (vCISO), Jack Brooks, on his first call with them.

vCISO Services

“I figured we’d get hooked up with a helpdesk and maybe get some advice on how to minimize the damages. I did not expect to be connected directly with BOXX’s vCISO team in that initial phone call.”

With decades of security experience in multiple industries, Jack was able to reassure Maeve and advise Luc immediately.

“Maeve was distressed but determined. I always appreciate it when leadership takes an interest in their company’s cyber security. And Luc is a skilled IT professional. With both on board, we were able to get right to work with our forensic investigation.”

Jack and the BOXX Hackbusters team of security experts discovered a vulnerability with Microsoft’s web application firewall. Within hours, the team created new traffic handling rules for the firewall and limited the thousands of repeated requests the hackers were sending to assault Goode’s systems.

“How a distributed denial of service (DDoS) attack works, is attackers flood a server with requests or internet traffic to overwhelm the network. This prevents customers and staff from accessing the system. E-commerce sites are especially impacted by this kind of cyberattack. If it’s not caught quickly, businesses not only lose sales, but customers. We knew this was a big concern for Maeve. Reputation is everything. I’m glad our team was able to turn this around quickly before any real damage was done.”

To slow down the attack, Jack advised Luc to restrict site access to Canadian traffic while he updated the firewall and scanned the company’s entire Microsoft 365 environment to check for cross-contamination.

“The Hackbusters found a vulnerability in our firewall. We use Microsoft’s Azure and normally it’s pretty good at detecting DoS attacks. However, we…or I… hadn’t updated it,” admitted Luc. “And sure enough, the opportunists came knocking. It was one of those face palm moments. Thankfully they figured it out. We didn’t even have to file a claim.”

The experience was also an education for Maeve.

“It had never occurred to me that we could be targeted. Of course, we have cyber insurance—that’s just what you do when you have an e-commerce site. But I had only really thought of it as a box to check so our IT team could set us up to process online payments. I just assumed we were too small potatoes to attract hackers.”

This isn’t unusual, according to Jack.

“Many of our clients think of cyber insurance as a hoop to jump through. But any size business can be targeted by cyber criminals. A company like Goode Atlantic may not be a big corporation, but they are part of a bigger supply chain. Criminals extort smaller suppliers to pay ransom to avoid the hassle and often more difficult task of disrupting bigger players. And sometimes any vulnerability in a supply chain can be a gateway to a much larger security breach.”

A small oversight can lead to serious consequences. With the help of Jack Brooks and the BOXX Hackbusters team, Goode Atlantic dodged a bullet.

“It wasn’t fun. In fact, I think I aged 10 years that day,” joked Maeve. “My blood still boils when I think about the extortion emails. But I’m not sorry it happened. I have a much better understanding of cyber security and it was an important wake-up call for Luc and our IT department. Thanks to Jack and his team, the cyberbullies lost. I think Dermot Goode would approve.”
