Denial of Service (DoS) attacks
A class of attacks which are designed to render a service inaccessible to users.
You may have heard about or even experienced DoS attacks that have been launched against websites; however, this type of attack can be launched against any system, e.g. industrial control systems which support critical processes.
A basic technical description is that an attacker will overload a server (a computer that 'serves' many types of information to other computers) with illegitimate requests for information. This then makes it impossible for that server to deal with the requests from legitimate users, and prevents devices which depend on that network from exchanging information.
DoS attacks can range in duration and may target more than one website or service at a time. An attack becomes a Distributed Denial of Service (DDoS) attack when it comes from multiple compromised devices at once. A group of compromised devices used for this purpose is often referred to as a botnet. It's important that you secure your devices (frequent updates/not clicking on suspicious links or attachments/utilising anti-virus etc.) so that they aren't used in this way. DDoS attacks are highly prevalent due to the increasing number of connected devices.
Motivations for DoS attacks can be more varied than for other types of attack. As the effect is quite often immediately public, this is a favoured method of political activists/'hacktivists', or even disgruntled former employees looking to cause both PR and financial damage. Of course, criminals can employ DoS attacks for financial gain, either through ransom demands, or if they are operating a DoS service for hire.
Although there is technical advice which can help defend against DoS attacks, the majority of it may not be applicable to all and is not suitable to include in this format. More detailed guidance on DoS attacks can be found on the National Cyber Security Centre (NCSC) website outlined in the 'Useful Links' section below. However, we have included some brief points to consider:
- Prepare - ensure that you and your service providers are prepared to deal with an overload of their resources. Ask them to explain how they are prepared for these scenarios, and how they can mitigate the threat for your organisation.
- Incident Response - understand what impact a DoS attack would have on your business and create an incident response plan. Think about who needs to be involved both internally and externally (e.g. 3rd party providers), and clearly define the roles and responsibilities for each. Think about having manual backup processes to rely on which can operate whilst the main services are down. Be thorough, and test your plan!
- DoS attacks can be used as a smokescreen to distract from other attacks which have a different aim (e.g. data theft). Be aware of this, and monitor closely for other suspicious activity which could indicate additional attacks.
- Action Fraud - if you are experiencing a live cyber attack, you can contact Action Fraud via telephone on 0300 123 2040, and follow the instructions. If it has been dealt with, then please also report the crime to Action Fraud, as every report will help law enforcement with intelligence building.
DoS guidance collection from NCSC
Guidance to help organisations understand and mitigate against DoS attacks (from the NCSC at https://www.ncsc.gov.uk/guidance/denial-service-dos-guidance-collection).
Lucky enough to get a new device for Christmas? Learn how to protect yourself, your family, finances, and connected devices with these tips (from Get Safe Online at https://www.getsafeonline.org/connectedchristmas/).