Cyber Tales: Defending Against DDoS Attacks

BOXX Client Profile: Maeve Goode
President of Goode Atlantic

How BOXX’s vCISO helped combat a scary attack on a company’s systems

Places, industries, and names have been changed to preserve client privacy.

Bridget’s great-grandfather, Dermot Byrne, was an apprentice plumber when he left Cork, Ireland, for Bangor, Maine in 1890. Within five years, he opened his own plumbing and radiator shop on Broad Street and moved his wife and twin boys into the apartment above the shop. Over the next 20 years, the family built up a successful business that expanded into commercial supply. The business has stayed in the family with Bridget succeeding her father as president of Byrne Atlantic in 2013. Over the last twelve years, Bridget has overseen the addition of online direct ordering for customers and commercial clients.

Shortly after logging on to her work computer, Byrne Atlantic’s president, Bridget Byrne, noticed the company website was lagging. It was Monday morning. Everything was slow. Her commute through one of Bangor’s predictably unexpected spring snowstorms had been eternal. Her fingers were taking forever to warm up. She wasn’t surprised the website was loading pages at a snail’s pace. Probably a case of the updates, she thought to herself.

She decided to reboot and make a cup of coffee while her laptop did its thing. But when Bridget returned to her desk, she was surprised when the website wouldn’t load at all. She decided to email Byrne’s IT Manager, Luke Surette, about it. That’s when she saw an email in her inbox with the subject line “Request: DDoS Attack on Byrne Atlantic”. It had to be spam, Bridget thought. However, when she read, “This is not a hoax. Byrne Atlantic has been selected for our next DDoS attack,” her heart sank. The email went on to demand $20,000 in bitcoin for instructions on how they were causing the DDoS attack on the company website and how to stop it, given they had found a vulnerability. The email closed with, “If you don’t pay, we will completely destroy your reputation and make sure services remain offline until you pay.”

Hackbusters

Then the phone calls started. All Byrne Atlantic branch managers had received the same email. No one could access the website. No online payments could be processed. No clients could request services. And what about their customers’ private information? Were clients’ payment details safe? Bridget couldn’t answer their questions, but she hoped Luke could. And within a few minutes, he was able to confirm that the company was indeed the target of a Distributed Denial of Service or “DDoS” attack. Luke identified that the cyber gang was exploiting an SQL injection to bring down the website, but he couldn’t figure out how they were doing it.

In response, the IT team set up a firewall using Microsoft’s Azure to try to block the attack. But as late afternoon closed in, it became clear the fix wasn’t working. To make matters worse, the hackers continued to email hourly, growing more demanding and threatening to completely disable the company’s network.

Bridget was worried about the loss of sales, but she was more concerned about damage to the reputation of her family’s business. At this point, she was furious with the cyberbullies.

“My great-grandfather had a reputation for never backing down. There was no way I was going to let a gang of thugs compromise what he’d built. With every email they sent me, the more I resolved to shut them down. I knew we needed help, so I had Luke contact our cyber insurance providers and I sat in on the call.”

Luke was in over his head. At first, he was worried about Bridget’s response. Didn’t she trust him? But as the hours wore on and the threats increased, he knew he had to put his self-interest aside. He also cared about Byrne Atlantic. He grew up in Bangor and remembered going with his mom to pick up a shiny new faucet after she’d renovated their little kitchen the year after his dad died. He knew their Cyberboxx Business plan from BOXX included cyberattack response services, but he didn’t expect to speak directly to their Virtual Chief Information Security Officer (vCISO), Jack Brooks, on his first call with them.

“I figured we’d get hooked up with a help desk and maybe get some advice on how to minimize the damages. I did not expect to be connected directly with BOXX’s vCISO team in that initial phone call.”

With decades of security experience in multiple industries, Jack was able to reassure Bridget and advise Luke immediately.

“Bridget was distressed but determined. I always appreciate it when leadership takes an interest in their company’s cybersecurity. And Luke is a skilled IT professional. With both on board, we were able to get right to work with our forensic investigation.”

Cyber insurance: the best business decision

Jack and the BOXX Hackbusters team of security experts discovered a vulnerability with Microsoft’s web application firewall. Within hours, the team created new traffic handling rules for the firewall and limited the thousands of repeated requests the hackers were sending to assault Byrne’s systems.

“How a distributed denial of service (DDoS) attack works is that attackers flood a server with requests or internet traffic to overwhelm the network. This prevents customers and staff from accessing the system. E-commerce sites are especially impacted by this kind of cyberattack. If it’s not caught quickly, businesses not only lose sales but customers. We knew this was a big concern for Bridget. Reputation is everything. I’m glad our team was able to turn this around quickly before any real damage was done.”

To slow down the attack, Jack advised Luke to restrict site access to U.S. traffic while he updated the firewall and scanned the company’s entire Microsoft 365 environment to check for cross-contamination.

“The Hackbusters found a vulnerability in our firewall. We use Microsoft’s Azure, and normally it’s pretty good at detecting DoS attacks. However, we…or I… hadn’t updated it,” admitted Luke. “And sure enough, the opportunists came knocking. It was one of those face-palm moments. Thankfully they figured it out. We didn’t even have to file a claim.”

The experience was also an education for Bridget.

“It had never occurred to me that we could be targeted. Of course, we have cyber insurance—that’s just what you do when you have an e-commerce site. But I had only really thought of it as a box to check so our IT team could set us up to process online payments. I just assumed we were too small potatoes to attract hackers.”

This isn’t unusual, according to Jack.

“Many of our clients think of cyber insurance as a hoop to jump through. But any size business can be targeted by cybercriminals. A company like Byrne Atlantic may not be a big corporation, but they are part of a bigger supply chain. Criminals extort smaller suppliers to pay ransom to avoid the hassle and often more difficult task of disrupting bigger players. And sometimes any vulnerability in a supply chain can be a gateway to a much larger security breach.”

A small oversight can lead to serious consequences. With the help of Jack Brooks and the BOXX Hackbusters team, Byrne Atlantic dodged a bullet.

“It wasn’t fun. In fact, I think I aged 10 years that day,” joked Bridget. “My blood still boils when I think about the extortion emails. But I’m not sorry it happened. I have a much better understanding of cybersecurity and it was an important wake-up call for Luke and our IT department. Thanks to Jack and his team, the cyberbullies lost. I think Dermot Byrne would approve.”
