
The story of a DDoS extortion attack – how one company decided to take a stand

John E Dunn | June 16, 2016
German payment processor goes public on threats received last week

Fired up by the liberating effect of disclosure, Gladis and Computop decided to go a stage further and publish a detailed account of their experience, complete with lessons for other firms that might one day find themselves in the same predicament [Computerworld will link to this when it is posted online].

What seems to have crystallised the unusual decision to go public was a simple discovery.

"If you investigate you find out that they [DDoS attackers] target our industry," Gladis told Computerworld UK. DDoS extortion threats were routinely being sent to other firms in the German payments sector, he realised, but nobody seemed prepared to discuss this open secret.

Sensing an opportunity to break a taboo, Gladis realised that this kind of secrecy might be precisely what the attackers thrived on. Having decided to defend itself, the firm came up with a plan of action.

"My first reaction was: we need to talk to our data centre, because they will get overwhelmed as much as we will," says Gladis.

"We have a trusted relationship with many important merchants all over the world. They trust us and, to honour this, we have to let them know that there is a threat. Some of them might want to take precautions, knowing that in two days there might be a problem with their payment processing.

"A lot of large retailers came back saying that they liked being given a heads up. Nobody complained."

Having enlisted the support of the firm's datacentre provider, which in turn told its upstream providers, Computop hired an ethical hacking consultancy to advise it before taking the decision to use cloud DDoS sink-holing from Imperva's Incapsula division.

Did the plan work?

The date and time for the promised attack came and went and nothing happened. Gladis was told by the company's pen-testers that the attackers would have been able to detect that the vulnerable servers were now within a mitigation cloud and had probably simply backed off.

"We don't want to look like heroes who have beaten the enemy. We were just well prepared."

The attackers went elsewhere, most likely to less well defended targets.

The story of a DDoS extortion attack - firewall cluster

A fascinating side detail is that at the time of the threatened attack the company was still struggling with a new firewall cluster it had recently installed. This sort of infrastructure would normally help with e-commerce and website availability, but the trouble was that it wasn't working as a single logical entity. In the nick of time, the firm's IT team resolved the issue with a software update.

Did Gladis have any worries about being so open?
