The attack began on the morning of April 19.
The internal monitoring systems at financial software provider Wave Accounting alerted staff that some of its services were being disrupted. Someone was flooding the system with requests in an attempt to render the company’s offerings unavailable in what’s known as a “distributed denial-of-service” (DDoS) attack.
Within minutes, nearly every one of Wave’s 280 employees was engaged to contain the damage, inform customers, and rout out the attack.
“It was pretty much all hands on deck,” explains Ideshini Naidoo, the company’s chief technology officer, adding that Wave had to work around the added challenge of not being physically together while mounting its defense.
Fortunately Naidoo and her team were already on the lookout. As the coronavirus spread chaos and disorder around the world, and as aid packages were offered to help small and medium-size businesses (SMBs) in the United States, cybersecurity experts warned that attacks would spike.
“Attackers have this really good opportunity to send a phishing email that says, ‘Hey, you can get PPE like masks by clicking here,’ and off you go providing details you shouldn’t,” Naidoo says. “Or, people appeal to the humanitarian side, saying, ‘Click here to make a charitable donation to support healthcare workers.’ People are falling for those phishing attacks.”
In the end, Wave’s services were only down intermittently over a few hours. Had the attacker been more sophisticated, or had the company been less prepared, Naidoo says it could have caused significant damage.
“A DDoS attack is a serious concern,” she says. “It can take you out, and if a small business’s services are not available to their customers, that’s it, you’re not making any revenue, and you have potential reputational risk.”
Phishing during the pandemic
According to Google’s Safe Browsing service, the number of phishing sites detected by the search engine nearly doubled between the start of the year and mid-May. Furthermore, according to Verizon’s 2020 Data Breach Investigations Report, more than a quarter of all data breaches perpetrated this year targeted SMBs, which often are less prepared to prevent or respond to an attack than large enterprises. Within two months of the outbreak, 13% of small businesses reported that they had been victims of an attack.
While large enterprises were once the primary targets of such attacks — including one that robbed Google and Facebook of $100 million between 2013 and 2015, and another that cost Sony Pictures roughly the same amount in 2014 — hackers have discovered that they can often penetrate an SMB’s network more easily. Using a DDoS or other type of attack, they can then prevent that business from operating until a ransom is paid.