By now we’ve all heard that Twitter was offline for a couple of hours today, and that FaceBook was running slowly. The reports are that they both were victims of a Distributed Denial of Service (DDoS) attack.

While this was limited to sites that, admittedly, have little measurable business value, what if it was a business-critical site that was knocked off-line?

Now, stay with me while we take a bit of a leap…

Many small businesses and individuals are moving to “cloud computing”. Working documents are in the “cloud”. Software as a Service (SaaS) is finally starting to take off.

Now, if the “cloud” and SaaS provider that you are using are being hit with a DDoS, what plans do you have for your business?

Lessons for the small business…

1. Know the risks associated with your technological model – in this case “cloud” vs local.
2. Make your DRP/BCP include plans in the event your providers are unavailable.
3. Finally, know what response you will have if your providers never return.

Here’s hoping you have a weekend full of availability!

- Dan

UPDATE: The reports now are that many more sites were affected as a result of targeting ONE user (from cnet.com) !

Reports are coming out this morning of distributed denial of service attacks coming from North Korea and targeting South Korean government and business web sites. I heard one report which stated that US government sites are also being targeted.

I’ve never really thought USA Today was a bastion of InfoSec news, but they have a report here that gives a basic understanding of what is going on.

It is evident that the information is not complete. Unnamed sources that are “not authorized” to speak are providing sanitized information.

I would expect there to be more information coming out a little at a time.

UPDATE: Information is starting to come out http://www.google.com/hostednews/ap/article/ALeqM5icTKBW9_fm-oKDzns75BI-ykokSwD999UN580.

My plan is to use this as an opportunity and reminder to revisit our plans and procedures in the event any of our computers are a part of a botnet, or in the event our organization becomes a target.

Steps I plan to take specifically for this threat:

• Work with ISP to make sure that they are filtering DDoS at their routers for traffic that is headed our way.
• Verify that all of our computers have current antivirus running and that signatures are current.
• Force an AV scan on all workstations.
• Force an AV scan on all servers using a secondary AV engine.
• Monitor in-bound traffic closely and pay attention to alerts.
• Notify Management of the situation if anything begins to develop.

Sleep tight, y’all.

- Dan