Page 43 - index
P. 43
DDoS Out in Full Force
By Todd Weller, VP, Corporate Development, Hexis Cyber Solutions
Distributed Denial of Service (DDoS) attacks are on the rise and here to stay. Experts theorize
that this is due in large part to the easy access in obtaining one of these malware toolkits.
Sophisticated DDoS attacks are only going to get worse, so what should companies do to best
prepare themselves?
Let’s take an example from one of the companies that experienced a DDoS attack this past
year, Sony PlayStation. Sony’s PlayStation and Entertainment Networks were taken down via a
DDoS attack, however, according to Sony’s official blog post issued following the attack, no
customer or corporate data was leaked or compromised.
This wasn’t the first time the Japanese electronics company has been under the firing squad. In
spring of 2011, Sony suffered a massive breach against its video game online network that
ultimately led to the theft of names, addresses and even credit card data of almost 77 million
user accounts.
At the time, this attack was considered one of the largest-ever Internet security break-ins. In
comparing these two instances, it looks like Sony learned its lesson when it comes to disclosing
the news in a timely manner. Back in 2011, the company waited 7 full days until announcing the
incident; this time around, Sony made a public statement immediately following the attack.
In addition to the network being taken down, the hacking group responsible, Lizard Squad, is
also claiming to be behind the plane incident involving Sony Online Entertainment President,
John Smedley in which the executive’s American Airlines flight to San Diego had to be diverted
based on a looming bomb threat. This raises an interesting question – what were Lizard
Squad’s driving motives behind the attack? Were these two isolated incidences or was there a
larger connection?
Organizations across all industries should take a page from Sony’s lesson book; recognizing
that an attack has been successfully executed and later publicly disclosing the (known) details
of the incident is the first step in adequately handling the aftermath of a breach.
The next step should include an in-depth analysis of how the attackers able to execute the
breach on hand; in doing so, organizations can collect the necessary information they need to
make efficient decisions on prevention of future similar incidences. If you’re interested in
learning more about to do after an attack, check out the Hexis eGuide, “5 Things to Do After
You’ve Been Hacked.”
It’s clear to speculate that because these breaches are happening over and over again,
companies need to have the right tools in place to better protect themselves. Remember – it’s
no longer a matter of if you’ve been attacked, but when you’re going to be attacked.
43 Cyber Warnings E-Magazine – November 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
