Is it a Rogue Hacker, or a Competitor Behind that Cyber Attack?

Cybercrime is a an unfortunate reality every organization has to deal with in today’s digital world. But many may be shocked to learn who may really be the wizard behind the curtain, pulling the levers that launch a cyber attack. It was revealed recently that Meetup.com has been struggling with a sustained cyber attack holding them, their business and their clients hostage over a ransom demand for a meager $300. To their credit, they are still sticking to their guns, refusing to cave in to the hacker’s demands. But the real eye-opening story, which should be on the radar of every business with a digital presence, lies in an email sent to the CEO of Meetup, Scott Heiferman, just as the attack was launched.

Hacker at work

Random Bad Luck? Or a jealous competitor?

According to Heiferman, he received an email last Thursday morning which read, “A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 USD. Let me know if you are interested in my offer.” While that could normally easily be dismissed as an empty threat in an attempt to extort a little cash from an up and coming business, Heiferman didn’t have to wait long to find out it was for real. “Simultaneously, the attack began, our servers were overwhelmed with traffic, and the site went down,” he wrote in a blog post recapping the attack. The attack was on, and as of yesterday, still causing grief six days later. But, Meetup should be commended for making a stand by deciding, “not to negotiate with criminals…payment could make us (and all well-meaning organizations like us) a target for further extortion demands as word spreads in the criminal world.” Chances are their instincts are correct, but moral high ground can be expensive real estate. Not only are they making a stand for themselves, but for future potential victims as well while they are suffering alone, so kudos.

Hired guns on the cyber frontier

While it is still premature to know for sure, the fact that a despicable competitor may be behind the whole thing should be a wakeup call for everyone, and hopefully that tidbit of information in this case leads authorities all the way to the wizard. But however this case concludes, it sheds light on a reality that does exist. With anonymous, underground black-market sites that are havens for hackers, coupled with the boom in anonymous currencies like BitCoin, finding a hired gun to launch an attack has never been easier. And for those with the will to launch an attack, but not the knowledge (aka script kiddies), who don’t want a middle man involved, those same sites also make it easy to find powerful exploit kits that do the work for them with just a few mouse clicks. Everything from polymorphic viruses and ransomware, to controlling huge botnets (up to millions of compromised systems, or zombies, under hacker control) to launch devastating Distributed Denial of Service (DDoS) attacks are on the menu. That’s how just one envious competitor can potentially “bring the rain.”

Are you ready to respond to the inevitable?

Meetup certainly isn’t the first and surely won’t be the last to be victimized by a cyber attacker, and it was not due to lackadaisical effort on the security front. They, “ spend millions of dollars every year keeping the Meetup website and apps secure, stable, and reliable.”

Joe Caruso, founder and CEO/CTO of Global Digital Forensics, has been on the front lines of cyber security for over two decades and has responded to countless cyber emergencies. He knows the realities all too well. “The hard truth is there is no such thing as perfect protection, but the more you put into strengthening your cyber security posture exponentially increases your chances of thwarting most attacks. But any organization that doesn’t keep their eye on the ball when dealing with cyber security, they are more like a tinder box just waiting for any little spark to make everything go up in big flames. They key to survival if the unthinkable happens is in how you respond. Making the right moves right out of the gate not only helps mitigate the initial damage, but the length, severity and cost of the aftermath as well. And the ripples really can take awhile to dissipate. For instance, Target was breached last year, but the fallout is still going on. Just yesterday their Chief Information Officer stepped down. More often than not, the kind of internal trouble a massive breach like they had causes doesn’t roll downhill, it goes up until it’s a head rolling down.”

Have a pro in your corner

“The good news is, you don’t have to face a cyber emergency alone, relying on guesswork and making costly mistakes. We have emergency incident response teams on call 24/7 that are positioned strategically nationwide and worldwide so we can get right to it, often starting the process remotely right away. But if boots on the ground are needed, we’ll have them there in a matter of hours, not days. We help identify the attack, stop it, help ensure it won’t happen again, and help guide our clients through all the potential pitfalls that follow, like regulatory compliance, reporting headaches and minimizing the potentially devastating consequences that come from nervous and angry clients, investors, vendors and the public at large. From DDoS attacks to the most sophisticated malware on the planet, we’ve dealt with it all. We even offer no-retainer SLAs (Service level Agreements) for clients that have us perform a vulnerability assessment and penetration test so they can instantly execute a precision response plan tailored to their exact needs, which we’ll know inside and out after the assessment and testing phase is completed. So if they don’t have an emergency, having us in the wings ready to go won’t cost a thing. It’s as close to a no-brainer as it gets.”

Call GDF today at 1-800-868-8189 for a free consultation with a security specialist that can help tailor professional cyber security solutions and emergency response plans to meet your unique needs.