Yesterday: DDoS attack from outside the USA. Not just a DDoS, a brute force attack.
A brute force DDoS (Distributed Denial of Service) attack is a type of cyberattack where multiple compromised systems are used to flood a target system or network with an overwhelming volume of traffic, aiming to make the targeted system or network unavailable to its intended users.
In a brute force DDoS attack, attackers typically utilize a large number of bots or compromised computers to generate and send a massive amount of traffic to the target. This flood of traffic can overwhelm the target's resources such as bandwidth, processing power, or network connections, thereby causing the target system or network to become unresponsive or inaccessible to legitimate users.
The term "brute force" in this context refers to the indiscriminate and forceful nature of the attack, as it does not rely on sophisticated techniques to exploit vulnerabilities in the target system or network. Instead, the attackers simply bombard the target with an excessive amount of traffic, often using techniques like UDP flood, SYN flood, or HTTP flood.
Brute force DDoS attacks can have serious consequences, causing financial losses, reputational damage, and disrupting services for legitimate users. It's important for organizations to implement robust DDoS protection measures to mitigate the risk of such attacks.
So, at around 6:00 AM EST on a Saturday morning, no one can reach our websites - or they load SLOW. Like so slow that it looks like we are out of business.Now, I have been selling telecom and technology since 1983. I know some stuff, but I am not an IT / MIS / Engineer. I'm a selling CEO...
And so at 6:04 AM EST on a Saturday morning I am opening up a support ticket with our vendor (normally I would not be the one doing this...). And now I am speaking LIVE with support. A real person. Not a bot, not a chatbot. No, I am working with a real human, Robert, in tech support. LIVE.
The next 20 minutes or so, it was Robert and me, me and Robert - shoulder to shoulder - fighting off the attack. Looking at this, trying that. Rebooting the server, etc. Once the CASE was closed, Robert sent me an email to memorialize it all:
"Thank you for calling in. During the call you mentioned that you were have issues connecting to your websites. You provided access to your server and I immediately noticed that you had 63,011 failed login attempts in only a few minutes. I then checked your messages in the /var/logs directory. There, I found you had an IP, 115.204.XX.XX, that was brute forcing your server. I added that IP to the blacklist for cphulk and then rebooted your server. This significantly improved your website load times.
As requested over the call this case can be closed out. We will set this case to resolved but if you have any questions or if we can be of any additional assistance a reply within seven days will open it back up."
So, it turns out that a COMPETITOR of the vendor that just awarded us North America was the bad actor. We were able to trace the IP address, and identify them. And, we have since alerted the authorities. Or shall we say, Robert did all of this. For me. For us. Within the hours of the incident, I went through a range of emotions. And then, I remembered something that I learned from Michael Caine, the actor. He would say "use the difficulty."Sir Michael tells us that any time we are faced with a difficulty or problem, we can use it to our advantage. He uses the story of a misplaced chair in his rehearsal space to illustrate this, doing so with his typical wit and self-deprecating humour. It’s complete mindset brilliance.
Here’s an excerpt where he illustrates the moment of his epiphany (the video is at the bottom):
“I opened the door, and I said to the producer who was sitting out in the stalls, ‘Well look, I can’t get in. There’s a chair in my way.’
He said, ‘Well, use the difficulty.’
So I said, ‘What do you mean, use the difficulty?’
He said, ‘Well, if it’s a drama, pick it up and smash it. If it’s a comedy, fall over it.’
This was a line for me for life: Always use the difficulty.”
Sir Michael goes on to say there’s never anything so bad where ‘using the difficulty’ can’t be applied. If we use it only a quarter of one percent to our advantage, then we’re ahead. We didn’t let it get us down.
Brush yourself off, pick yourself up, give yourself a metaphorical hug and ask yourself questions. In doing so, you’ll put into practice this “Use the Difficulty” mindset:
- What’s this situation teaching me?
- What’s the useful lesson that I can glean from this scenario?
- If this was happening to a good friend of mine right now (instead of me), what advice would I give to him or her? This can provide some perspective to a situation that you might be too close to. Take a step back and have a look from the outside-in.
- How can I use this perceived disadvantage, set back or challenge to my advantage?
- What’s good about this situation? Come up with at least five things.
- What can I do right now to move forward?
Although Sir Michael jokes his other philosophy is to avoid difficulties altogether, leaders are often faced with challenges on a daily basis. ‘Using the difficulty’ is a change in mindset that can turn a challenging situation into a positive experience for everyone.
I have been thinking about the AMAZING customer service that I received from super genius support engineer Robert yesterday. How we went from a very (very) bad situation to resolution - and how now, today, I am using the difficulty. We are a better company and organization now for experiencing this DDoS attack. We learned much, not only for how to protect ourselves moving forward - but how to protect our customers, our clients, our members.
I am now 'using the difficulty' for everyone we know - for every single member of the DLA.