‘Twas the Night Before Vaca

December 23, 2015 JP Blaho

Just a day away from a long holiday break, so I thought that it best to save the best for last.  As a marketer for a security vendor, I have seen how security solutions are developed to often solve a single problem.  This approach to mitigating threats for a business is completely outdated.  These solutions are vital, but singular by design, and hackers have taken advantage of this practice.  Instead of trying tens of different individual attack patterns to gain access, they are establishing orchestrated attacks.  They are not only looking for the holes in your system, but they are doing so in a planned surge.  This creates a doubly whammy to businesses, as it could potentially bring down networks and systems with the sheer power of the attack, while finding ways in that you might not notice.

So to bring some levity to probably what was, or is, a very stressful time of the year, I bring you my version of a very long poem, which I have titled: ‘Twas the Night Before VacaHappy holidays to you all!

‘Twas the Night Before Vaca

‘Twas the night before vaca, when all through the SOC
All the systems were running without even a squawk.

Tech updates were made, by the NetOps team pros
In the hopes that no downtime would soon be imposed.

The specialists were nestled, all poised in each chair
While pictures of SIEM alerts on their screens did appear.

Six alerts made per minute is just business as use…
But twenty-two per minute signals potential issues.

When all of a sudden our network went down
An attack on our website or a system breakdown.

We sprung to the monitors to ping our machines
To see if our servers lit red or lit green.

Red flashes were blinking, a sea of red lights
A first indication that it would be a long night.

A DDoS attack of at least 80 Gigs strong
Had consumed our full bandwidth now everything’s wrong.

We call our provider to begin traffic scrubbing
Eighteen minutes on hold their support is a snubbing.

Our CISO was livid she screamed on the phone
“Get that site up and running or your vacation’s postponed”

It’s forty-eight minutes and there’s no end in sight
Our efforts are like taking a sword to a gunfight.

But as quick as it came the attack had burned out
And the dust started settling but had left me with doubt.

Was that all just a DNS amplification
Or was there more to this odd cause of action.

Some systems stayed wonky, perhaps a smokescreen beset
Then I thought, what if the attack was an advanced threat?

My worst fears I wondered had maybe came true
A malware insertion or a systems breach snafu.

I called the IR Team to raise my concerns
So they accessed the logs to look for patterns.

It’s true some anomalies came from the search
Which prompted our experts to do more research.

Some malware was found to have sent corporate info
But how much and what, we still did not know.

We notified legal and executives galore
While we determined this data had been moved offshore.

Our security architect was called in on this hunt
To analyze our network where he thought it prudent.

With his tools he did use to build a baseline
But two hundred days backwards to build a full timeline.

This blackhat did recon to find the right places
Where our staffers would surf and leave nary their traces.

Once their malware inserted via the endpoint user
Their tiny but deadly program became a transducer.

It sat in the silence waiting for commands to control
To begin sending biz data from our systems it stole.

Exfiltration was its mission, about 10 gigs to be exact
While we focused on what we thought was just a DDoS attack.

In the end, all the data that left our dear business
Turned out to be encrypted and assumed to be useless.

So I typed a new email to the whole corporate staff
About proper business usage to avoid a future gaff.

Now I log off my systems, and prepare to leave the site
Happy holidays to all, and to all a more quiet night!

The post ‘Twas the Night Before Vaca appeared first on Arbor Insights - Our People, Products and Perspective.


Previous Article
ISP Traffic Visibility and the Future of Network Services
ISP Traffic Visibility and the Future of Network Services

The process of prepping for my recent interview with Light Reading’s Steve Saunders got me thinking about A...

Next Article
You’re a Mean One, Master Hack
You’re a Mean One, Master Hack

I cannot help it. I love watching the “The Grinch Who Stole Christmas.” So for the next holiday carol spook...