There are a few lessons to be learned as a result of the massive attack on the Meetup web site in early March 2014. That attack meant that Meetup, a very large site used to organise meetings of every size and type, wasn't available for more than two days. It has more than 15,000,000 members and more than 300,000 meetings per month organised through it.
The Meetup blog helpfully provided a good deal of information about the attack, including the email that gave notice of it. The email claimed that the attack had been commissioned by a competitor and that it would stop if $300 was paid; there is no reason to believe either claim. If someone is willing to do this sort of damage to a business, why would you treat anything they say as even remotely truthful?
A distributed denial of service (DDoS) attack floods a site with far more requests than its servers can answer, so legitimate users cannot get through and the site effectively stops operating. Clever work by Meetup's engineers and outside consultants brought the site back on line.
Meetup rightly refused to pay the blackmail amount, not trusting that it would stop the attacks, nor believing that such payments are appropriate.
Meetup's response was to reassure customers that their data was safe (a DDoS exhausts capacity; on its own it does not read or alter data) and to keep users informed of what was happening. It is basic good practice in customer relations to be transparent when things go wrong, and it is astounding how many organisations still think that denying there is a problem, or saying nothing, is the smart move (airlines, especially).
The attack was somewhat novel in that a relatively small number of compromised machines generated a very large volume of traffic. Part of the remedy was to bring the servers up to the latest revision and to apply specific patches. Lesson: keep your servers up to date. One caveat a practitioner would add: patching removes known weaknesses that let a small flood exhaust a server, but it does not by itself absorb a large volumetric flood, which has to be filtered upstream before it reaches you.
Business continuity: do you or your clients rely on an internet presence to do business? If so, then you need to ensure servers are properly patched, and that there is a business continuity plan in place (prepared with the advice of people who handle these incidents for a living, not just your own technical staff). By way of example, Meetup used CloudFlare to help them withstand the attack and improve their resilience to future ones.
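The description above of servers being overwhelmed, and the lesson about being able to withstand such a flood, are easier to act on if you can see what a flood looks like in your own logs. The following is an added example written for this page; it is not code from Meetup or CloudFlare. It parses web-server access log lines in the common combined format, keeps a sliding window of requests per source address, and flags any source whose rate exceeds a threshold. The log lines, the addresses and the thresholds are all constructed for the example. A check like this is a first-line, application-layer signal and a feed for rate limiting; it is not a substitute for upstream filtering of a volumetric attack.

```python
"""Request-flood detection over web-server access logs (added example).

Parses combined-format access log lines, counts requests per source IP
in a sliding time window, and reports sources that exceed a threshold.
All sample data below is constructed; the addresses are documentation
ranges, not real clients.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined log format: ip ident user [timestamp] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for a well-formed log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "request": m.group("req"),
        "status": int(m.group("status")),
    }


class FloodDetector:
    """Sliding-window request counter per source address."""

    def __init__(self, window_seconds=10, per_ip_limit=20):
        self.window = timedelta(seconds=window_seconds)
        self.limit = per_ip_limit
        self.hits = defaultdict(deque)   # ip -> timestamps inside the window
        self.flagged = {}                # ip -> time it first crossed the limit

    def observe(self, entry):
        """Record one request; return True if its source is currently flagged."""
        q = self.hits[entry["ip"]]
        q.append(entry["ts"])
        cutoff = entry["ts"] - self.window
        while q and q[0] < cutoff:      # drop requests older than the window
            q.popleft()
        if len(q) > self.limit and entry["ip"] not in self.flagged:
            self.flagged[entry["ip"]] = entry["ts"]
        return entry["ip"] in self.flagged


def analyse(lines, window_seconds=10, per_ip_limit=20):
    """Run the detector over log lines (any order) and summarise the result."""
    det = FloodDetector(window_seconds, per_ip_limit)
    parsed = [e for e in (parse_line(l) for l in lines) if e]
    parsed.sort(key=lambda e: e["ts"])  # logs from several workers may interleave
    for e in parsed:
        det.observe(e)
    return {"total": len(parsed), "flagged": dict(det.flagged)}


def _fmt(t, ip, req, status):
    return f'{ip} - - [{t.strftime(TS_FMT)}] "{req}" {status} 512'


def sample_log():
    """Constructed sample: one ordinary visitor and one flooding source."""
    base = datetime(2014, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(5):                  # visitor: one request every 12 seconds
        lines.append(_fmt(base + timedelta(seconds=12 * i),
                          "198.51.100.7", "GET /meetups HTTP/1.1", 200))
    for i in range(50):                 # flood: ten requests per second for 5 s
        lines.append(_fmt(base + timedelta(seconds=i // 10),
                          "203.0.113.9", "GET /search?q=a HTTP/1.1", 200))
    return lines


if __name__ == "__main__":
    result = analyse(sample_log())
    print(f"{result['total']} requests parsed")
    for ip, when in result["flagged"].items():
        print(f"flood suspected from {ip} starting {when.isoformat()}")
```

Running the block flags only 203.0.113.9: it exceeds 20 requests in a 10-second window within its first 3 seconds, while the visitor never has more than one request in any window. In production you would feed the flagged addresses to a rate limiter or firewall rule set and tune the window and limit to your own traffic profile rather than the constructed values used here.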