Recently, we moved one of our customers to the cloud which helped them save money over their previous IT provider, gave them better tools in their office and secured their office network.  Great win!

At the same time we recommended that steps were taken to secure their website.

They took the decision to prioritise their office move due and to deal with the security side at a later date. Unfortunately, four weeks later they suffered a cyber attack. In fact, it was a double attack; a brute force attack followed by a DDoS attack. Their website received 21.6 million hits in the space of nine hours which took down their website and their web server.

Our customer’s website was provided by a web hosting company and made use of free website protection offered at the time of purchase; this was still in place. Once the volume of website visits started to ramp up significantly, our customer realised something was badly wrong and in a state of panic subscribed to a popular website protection service at $20. This is a great, comprehensive, platform but it needed (a) some expertise to set it up properly to protect them at all (it didn’t deflect anything initially) and (b) to protect them properly from the attacks meant they had to pay $300 for the enterprise license. At this point they picked up the phone to us here at YouCloudIT and we acted quickly to help and support:

  • We configured what they had bought to protect them as best as possible for the $20 they paid (out of the 21.6 million hits, this popular web protection platform deflected exactly 79 website hits)
  • We immediately started managing and controlling the traffic to minimise the impact of the attack
  • We then deployed YouCloudIT WebSafe (currently available at £24.99 per month) and used it to fully manage the cyber attack

So what had happened?

  1. The attack was twofold; the first attempted to exploit any vulnerabilities on their server. The free website protection actually helped to protect the server. Sadly, in doing its job, it was eventually overrun and their website was taken down.
  2. Cybercriminals have access to malware they have deployed onto PCs around the world (common and done by various means such as hyperlinks in emails and downloads on your PC etc).
  3. The cybercriminal in this instance then made use of these PCs to initiate a sustained attack from these devices onto our customer’s website.
  4. Their website had received 21.6 million hits which, due to the volume, resulted in their server not being able to respond and would simply stop.
  5. We tracked what type and source of traffic was being aimed at our customer and identified quickly that the traffic was coming from different countries around the world: 70% of the traffic was coming from Egypt and 10% from Iraq with 20% from various other countries.
  6. We then proceeded to carry out multiple steps to block this traffic and then restore their website, so our customer could trade again.

Our customer has since prioritised their cyber security and taken our full security service and now has peace of mind knowing that they are safe.

What made this difficult to stop was the nature of the traffic – which the platform they were using simply saw the requests as valid. The second challenge was the sheer cost of deploying some of the features they would have needed just to deal with some of the impact – all at a time when there is pressure to get their business online. Thankfully, once the YouCloudIT WebSafe Web Application Firewall was deployed we were able to bring the issue to a successful close.

Click here to take a look at our Cyber Security products.

Why you should prioritise your cyber security

by Mark Wiseman time to read: 3 min