Rob Ratcliff was the Content and Community Manager of IFSEC Global.com. He is a self-confessed everyman in the world of security and fire, keen to learn from the global community of experts who have been a part of IFSEC for 40 years now.
February 15, 2013


This Wednesday, at around 22:30 GMT, our website — and a whole load of others — was brought down by a DDOS attack on our server facilities in the US. In fact, at time of writing, our datacentre is still under attack.

A DDOS attack is a distributed denial-of-service attack and is essentially when a large network of computers floods a server with requests for pages, eventually crippling it so that it cannot respond to normal requests from readers such as you.

You might have experienced a similar thing when trying to buy tickets for an event where all of the tickets go on sale at the same time. So many eager spectators try to access the ticketing site all at the same time that the server simply cannot cope, and you end up with thousands of disgruntled customers taking to Twitter or the Daily Mail to express their dismay at bungling ticket merchants.

This attack was a highly sophisticated one that brought down our AT&T datacentre as well as nine others across the East Coast of the United States.

Attacks such as these are increasingly common, with some of the largest companies in the world having been impacted by them in the past 12 months — including Microsoft, Amazon, eBay, and even the FBI.

For us, this is the first time that our network has been brought down for at least 13 years, and obviously for IFSEC Global.com, having only launched two weeks ago, this is certainly the first time.

Now, obviously, the irony of being a website that covers the global security and fire industries being brought down by a cyberattack is not lost on me.

In fact, in many ways it’s been a unique insight into the pain that businesses can feel as a result of being targeted (though in this case, I understand we weren’t specifically targeted, just unlucky collateral damage).

How would your business cope?

As a global media business, we have extremely capable IT experts, but they were only able to bring our websites back up almost 24 hours after they went down.

The question you should ask yourself is: If your website were brought down by a similar incident tomorrow, how would your business cope, and how much would it cost you? Every hour that your website is down could mean hundreds or even thousands of pounds in potential lost leads for you.

There are a number of steps that you need to have taken:

  • How long would it be until you even noticed that your website server was down? Have you set up automatic alerts for server downtime? If not, it could be hours or even days before you realise that your website is inaccessible.
  • Make a list of the key contacts at your host and ISP who will be able to tell you what is going on and when they think the attack might be over.
  • Now that you know your server is under attack, ask yourself if you’ve backed up your website recently. If you have a reasonably small website then you can get this set up with a new host relatively quickly. If you have a more complex website then you might want to follow the advice of DDOS specialist Mike Smith and create a smaller, simpler webpage that gives basic information about your business and services, and use another host to serve it.
  • Once the attack is over, analyse what happened and how well your response coped.
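The first step in the list, automatic downtime alerts, together with the decision to switch to a simpler fallback page, can be sketched as follows. This is an added example, not code from IFSEC Global or its hosts; the function names, thresholds and sample data are assumptions chosen for illustration.

```python
import urllib.error
import urllib.request

def probe(url, timeout=5):
    """Return True if the site answers with an HTTP status below 500."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status < 500
    except urllib.error.HTTPError as exc:
        return exc.code < 500      # a 4xx reply still means the server is answering
    except (urllib.error.URLError, OSError):
        return False               # timeout, connection refused, DNS failure

def evaluate(samples, alert_after=3, failover_after=900):
    """Turn (unix_time, ok) probe samples into incident events.

    alert_after:    consecutive failed probes before someone is paged, so a
                    single blip does not wake anyone up (assumed value).
    failover_after: seconds of continuous outage before switching to the
                    simple fallback page on another host (assumed value).
    """
    events, fails, down_since, failed_over = [], 0, None, False
    for ts, ok in samples:
        if ok:
            if down_since is not None and fails >= alert_after:
                events.append(("RECOVERED", ts, ts - down_since))
            fails, down_since, failed_over = 0, None, False
            continue
        fails += 1
        if down_since is None:
            down_since = ts
        if fails == alert_after:
            events.append(("ALERT", ts, ts - down_since))
        if (not failed_over and fails >= alert_after
                and ts - down_since >= failover_after):
            events.append(("FAILOVER", ts, ts - down_since))
            failed_over = True
    return events

# Constructed samples: one probe a minute, a single blip, then a 20-minute outage.
SAMPLES = ([(0, True), (60, False), (120, True)]
           + [(180 + 60 * i, False) for i in range(20)] + [(1380, True)])

if __name__ == "__main__":
    for event in evaluate(SAMPLES):
        print(event)   # in production, feed evaluate() from probe() on a timer
```

Run the probe from a network other than the one hosting the site, otherwise the monitor goes down with the thing it is watching. The recorded events also give the timeline needed for the post-attack analysis in the last step.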

If you’re of a more technical mindset, you might want to take a look at this network DDOS incident response cheat sheet. The key steps are grouped under: preparation; analysis; mitigation; wrap-up.

As these kinds of attacks become more and more common, I sincerely hope this is the last time I write an article such as this.

Rob Ratcliff
February 15, 2013 9:19 am

PS. If you’re wondering why your profile picture isn’t showing, that’s connected to the server outage. Apologies again.

LawrenceB
February 15, 2013 9:37 am

I’d also look at content and recent activity on the site, as a lot of DDOS and DOS attacks are from groups that may have felt criticized or angry about content on your site. While I worked on Flight Global we were targeted by after publishing stories about the Israeli Air Force, which they felt was a punishable action. Also, could the attack have been from a competitor toward your site/service? Awareness of this can help prevention strategies and also legal action. Was the attack, like in this case, to another site on a shared service or to a service…

Rob Ratcliff
February 15, 2013 9:45 am
Reply to  LawrenceB

Some great additional tips, thank you LawrenceB. In an industry such as security in particular, as you point out, there could be any number of potential ‘enemies’ responsible for the attack. The bigger the business, the bigger the threat.

Anonymous
February 15, 2013 11:55 am
Reply to  LawrenceB

Good questions that I’ve thought about. We’ll never know who was the real target of these attacks. The attack was targeted at an unused IP address in our service provider’s block of IPs (so they weren’t owned, per se, by us). This was a good target for them, because there weren’t any protections on an unused IP, but it was routed to the set of data centers. This was a large sustained attack, with multi-gigabyte floods coming from all of the internet pipes (like level3, at&t, etc), so all inroads were used, and there was a lot of bandwidth.…

sarbsembhi
February 18, 2013 5:11 am

What burn0050 and LawrenceB say is absolutely right, it is not so easy to establish whether the attack was the start of something else, and the DDOS was just a way to divert your resources away from the real attack. We have seen several security media sites attacked recently, as well as investigative journalist sites like the New York Times and the Wall Street Journal. Although who or what the real target is, is difficult to identify quickly, whatever code is left behind (if anyone can find it) is often where the clues are going to be. So…

Rob Ratcliff
February 18, 2013 5:55 am
Reply to  sarbsembhi

Thanks for that Sarb. I think it’s definitely important that we share any learnings we can to help others, and I’d echo your congratulations of the team that first spotted the attack and then ‘stopped the bleed’ as you put it.
If we ever managed to get to the bottom of who the real target was — unlikely as burn0050 explained — I’ll be sure to let you know.

Welland
February 22, 2013 5:52 am
Reply to  Rob Ratcliff

They were obviously after our great comments to form some kind of masterclass book! 

Rob Ratcliff
February 22, 2013 9:21 am
Reply to  Welland

Brilliant! Yes, they’ve taken them and put them on their own security and fire community…