DISTRIBUTED DENIAL OF SERVICE
Industry Sector: Government
Attack Methodology: Denial of Service
Apparent Objective: Reputational damage/disruption
This was an investigation into a Distributed Denial of Service (DDoS) attack targeting the website of a political party.
The attack consisted of a few separate DDoS attacks carried out over a number of days, which at points were able to bring down every website belonging to a large number of customers (not just the political party). Immediately after this, a Twitter account took responsibility for the attacks, citing their disdain for the victim as motivation.
The website service provider took the decision to contact a web security firm which provided DoS attack protection as a service. Their software was deployed onto the company's servers, which remedied the attack. The company also identified that the attack was a SYN flood-style attack, in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
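One way a defender can spot the half-open connections that a SYN flood leaves on a Linux server, shown as an added example that is not part of the original case study. It parses /proc/net/tcp-style text (IPv4 only, little-endian host assumed); the function names, the threshold of 100 and the sample rows are assumptions constructed for illustration.

```python
"""Count half-open (SYN_RECV) TCP connections per local port from
/proc/net/tcp-style text; a large count on one port suggests a SYN flood."""
import ipaddress
from collections import defaultdict

SYN_RECV, ESTABLISHED = "03", "01"  # Linux TCP state codes, printed in hex

def decode_endpoint(field):
    """'0100007F:0050' -> ('127.0.0.1', 80). Assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    ip = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
    return str(ip), int(port_hex, 16)

def half_open_report(proc_net_tcp_text, threshold=100):
    """Return {local_port: stats}; 'suspect' is True at or above threshold."""
    stats = defaultdict(lambda: {"half_open": 0, "established": 0, "sources": set()})
    for line in proc_net_tcp_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue  # skip the header row and malformed lines
        _, local_port = decode_endpoint(fields[1])
        remote_ip, _ = decode_endpoint(fields[2])
        entry = stats[local_port]
        if fields[3] == SYN_RECV:  # handshake started but never completed
            entry["half_open"] += 1
            entry["sources"].add(remote_ip)
        elif fields[3] == ESTABLISHED:
            entry["established"] += 1
    return {port: {"half_open": e["half_open"],
                   "established": e["established"],
                   "distinct_sources": len(e["sources"]),
                   "suspect": e["half_open"] >= threshold}
            for port, e in stats.items()}

def constructed_sample():
    """Constructed data (first four columns only): listener on :443,
    3 established clients, 150 half-open entries from 203.0.113.0/24."""
    rows = ["  sl  local_address rem_address   st",
            "   0: 00000000:01BB 00000000:0000 0A"]
    for i in range(3):
        rows.append(f"   {i + 1}: 0A00000A:01BB {i + 1:02X}0A0A0A:C350 01")
    for i in range(150):
        rows.append(f"   {i + 4}: 0A00000A:01BB {i:02X}0071CB:{0x8000 + i:04X} 03")
    return "\n".join(rows)

if __name__ == "__main__":
    for port, row in sorted(half_open_report(constructed_sample()).items()):
        print(port, row)
```

On a live host, pass the contents of /proc/net/tcp to `half_open_report` and set the threshold relative to the listener's normal half-open count.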
As is often the case with DDoS attacks, there was a significant financial cost to restore the service to business as usual. For the political party, their website was taken down during an important time in the political cycle, which caused severe disruption.
Points to consider
- DDoS attacks are often carried out for other motivations besides financial (e.g. political activism as seen above). This is important to bear in mind when assessing the threat to your own organisation - are you likely to be specifically targeted by actors looking to cause reputational harm?
- PR control - following on from the above point on reputational damage, make sure that you have a plan in place to manage any potential media/stakeholder attention resulting from publicly evident attacks.
- If your website is the critical part of your organisation, then think about prioritising defences to protect it, and how you are going to function if it suddenly becomes unavailable.
- Be prepared for the possibility that a DoS attack can be sustained for a number of days with repeated attacks.
- For a thorough guide on how to defend against DoS attacks, use the guide from the NCSC found on their website at https://www.ncsc.gov.uk/collection/denial-service-dos-guidance-collection.
- If you or your organisation have been a victim of this or any other type of cyber crime, report it to Action Fraud, the UK's national cyber crime reporting centre, at https://www.actionfraud.police.uk/ or via phone on 0300 123 2040.
- Action Fraud have a 24/7 reporting capability for live incidents such as DoS attacks.