Github Hit with 1.35 Terabits Per Second

UPDATE:  The article says that the 1.35 terabit attack is the largest on record.  Well it was.  For FOUR days.  Using the same technique another U.S. based but unnamed service provider was hit with a 1.7 terabit per second attack a few days after the Github attack.

Denial of Service attacks (called DoS or DDoS) are an attempt by a hacker to stop other legitimate users from using a service, typically a web site, that the hacker is mad at for some reason or is being paid to bring down.  These attacks, by themselves, do not steal any data.  Sometimes, DDoS attacks are used as a distraction from a real attack – kind of like a bank robber starting a warehouse fire across town while the bank is being robbed, to distract the police.

Back in the dark ages – like ten years ago – a denial of service attack was considered large if it hit 20 gigabits per second.   To put that in perspective, today a personal home Internet connection could be as fast as 1 gigabit per second, so that kind of attack would be like 20 homeowners ganging up on a web site to take it down.

Over the last ten years, the size of DDoS attacks has grown.  A lot!

This week Github, a popular web site with software developers, was hit with a DDoS attack that measured 1,350 gigabits per second.  That might be 75 times bigger than what was considered a large attack ten years ago.

This chart shows the history of DDoS attack size over the last 20 years:

These attacks could happen because someone thought the owner of the site treated him or her badly, or could even be launched (illegally, of course) by a competitor.

Sometimes these attacks last for a few minutes; other times they can last for days or, rarely, weeks.

If your business came under attack and the attack lasted for a few minutes, you would be annoyed but it probably would not have a major impact on your revenue or your reputation.

But what if it lasted for an hour?  Or a few hours?

One reason hackers launch DDoS attacks is to demand ransom.

If you don’t pay the extortion demand, we will launch a sustained attack on your business.  Or periodic, relatively short but totally random, attacks.  What would the business impact of that be?  Likely more damaging.

Not only is the size of these attacks growing, but the absolute number of attacks is growing – Akamai, one of the vendors that can protect you against these attacks, said that attacks were up 14% between 4Q2016 and 4Q2017, and those growth numbers are modest compared to other quarters.

The good news is that there are services, some free, some paid, that help businesses protect themselves.

For large attacks like the Github attack, the services are all paid because of the amount of resources required to neuter the attack.

For smaller attacks the free services should work just fine.

BUT, you cannot buy these services after an attack is active because it takes some time for the process to kick in.  To be completely technically accurate, you can buy the service after the attack starts, but if you do, you may be down for hours until the new address of your website, for example, propagates across the Internet.  You could even be down for days as you reprogram parts of your site to work with the new software.

My recommendation for all businesses is to subscribe to one of the free services now.  It will take some work to tweak them to make it work for each web site, so do that before someone points a machine gun at your web site.  You can always upgrade to the paid service if you ever need it.

For more details on exactly how Github dealt with the attack, read the article on Wired.


Tim Hortons Restaurant Franchisees Threaten to Sue Over Breach

What happens if you are a restaurant and your cash register system gets hit by a virus?  Short Answer:  You close the doors and turn off the lights.

That is exactly what happened to hundreds of Tim Hortons restaurants in Canada.  Apparently Tim Hortons is something like a Dunkin Donuts serving coffee, donuts and some light food, but this week many are not serving anything.

The chain, which has over 4,000 stores in Canada, was hit by some form of virus which targeted their Panasonic cash register systems.  No cash registers, no sales.

Franchisees, which, apparently, are forced to use systems provided by the parent company Restaurant Brands International or RBI, are, not surprisingly, unhappy.

The Great White North Franchisee Association, which represents the majority of the franchisees in Canada, has sent a letter to RBI which blames RBI for the malware, demands financial compensation for lost sales, wages to employees who could not work, reputational damage and spoiled food.

GWNFA says that if RBI refuses to meet with them by tomorrow (they sent the letter earlier in the week), they will file suit against the franchisor.

Since the parent company (the franchisor) is dictating the cash register systems and, apparently, responsible for them, it is not completely unreasonable that the courts could rule that they are financially responsible for the franchisees’ losses.

The Franchisees are saying that Restaurant Brands has “deficient” IT practices.

I have no clue which side is right in this particular battle, but it seems like hospitality chains in general, which seem to get hit with malware regularly, are not placing a high enough priority on cyber security.

According to RBI, most of the stores are back open again, but that doesn’t address the costs that the franchisees were hit with.

Couple of thoughts –

Given that malware in hospitality seems to be a given and also given that having a working point of sale system for a fast food restaurant is critical, not having a business continuity plan, or at least one that worked, is kind of a problem.  Do you have a tested business continuity plan?

It would also appear, given that they are asking the franchisor for compensation, that they didn’t have cyber risk insurance.  If they did, it should have covered lost income, wages, spoiled food, etc.  The insurance company would then pay the claims and the insurance company would sue the parent company, if they thought the parent was responsible.  Not having cyber risk insurance these days is like playing Russian roulette with at least 3 bullets – playing really bad odds.  Do you have the appropriate cyber risk insurance?

Every business should be planning for how to deal with a cyber attack unless using computers is not important to the continued operation of the company – and that, probably, is a very small percentage of the businesses.  PLAN NOW OR REACT LATER.  Reacting is, likely, not going to be very pretty.

Information for this post came from CBC and NARCITY.
