What would you do if you received this message?

This was shared with me earlier this week. It is a fascinating read…

Let me stop here and let you enjoy this.

So what do you do?

You have already been bombarded with 4 million packets per second, and you know that it is only a matter of time until your system vulnerabilities start to be exposed. Actually, you don’t really know what will happen, as this is the first time you have witnessed this event happening before your eyes.

Once you have got over the poor English used in the message, it dawns on you: ‘Houston, we have a problem.’

So what are your options?

  • Call your Telecom provider and ask for their assistance?
  • Get out that business card and buy a DDoS service?
  • Go online and buy 100 bitcoins?
  • Pray like hell or go straight to the pub?

Option 1 - Your Telco Provider

This is when you try to call in the favour and get your partner to help.

Of course, this all depends on your business scale etc. and how long you have been working together. However, it is unlikely that they would support you, as the attack will start to affect their own service.

Option 2 - Buy DDoS

There is no time to negotiate the rate, so it will be at the top of the range of the price book. It is likely that you will need to escalate the approval as it is outside of normal delegated authority.

You can expect that, while this measure will work, there will be questions asked by Risk Committees, Procurement and others about why this transpired. While you may get the organisation out of trouble, you may have landed in it along the way.

Option 3 - Buy Bitcoins

There is never a fast way to acquire Bitcoins, unless you have already traded in the past and have already completed the normal KYC process.

If you do have Bitcoins, then you will also be suspicious that this is not going to be the end of the demands.


Option 4 - Pray like hell or Go to the Pub

Sorry, this will only serve to soothe you and numb your feelings; it will not actually bring any added benefit to the situation.

It may be cheaper than 100 bitcoins, but your career may be over and there’s not much that you can do.

The Real Case Study

In the real-life example that occurred, option 2 was chosen by the client.

They actually had a DDoS service in place, and they had tested it on a periodic basis. The SLA was 15 minutes and this was nearly met; however, there was human judgment involved, and that delayed things by a few additional minutes.

As the business was an online, mobile-based company, any outage would have had dire consequences, and the hackers chose the perfect time to strike, which happened to be at an expected peak time.

Once the network traffic was diverted via the DDoS provider, the danger was averted and, in effect, the attack was abandoned. Life reverted to normal.

Some Learnings

At the time of the crisis, a third-party organization was engaged to provide the Network and Cyber Security monitoring, and they took the necessary and express actions to address the issue. They told me this story and, to protect the innocent, they have declined to be named or to share their client’s name.

This is even when things actually worked out well.

The other learning was that this organization had been expected to withstand up to 500MB before the firewalls would start to drop packets and become useless.

However, the packets that were sent to flood the firewall were designed to maximize damage, and the issue kicked in much earlier than expected, at 300MB of bandwidth.

It is not impossible, but it is actually very hard, to practice such a scenario.

Tags: bitcoins, SLA, ddos, system vulnerabilities, David Gee, CSO Australia
