Industry Sector: Government
Attack Methodology: Denial of Service
Apparent Objective: Reputational damage/disruption

What happened?

This was an investigation into a Distributed Denial of Service (DDoS) attack targeting the website of a political party.

The attack consisted of a few separate DDoS attacks carried out over a number of days, which at points were able to bring down every website belonging to a large number of customers (not just the political party). Immediately after this, a Twitter account took responsibility for the attacks, citing their disdain for the victim as motivation.

The website service provider took the decision to contact a web security firm that provided DoS attack protection as a service. Their software was deployed onto the company's servers, which remedied the attack. The company also identified that the attack was a SYN flood-style attack, in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

As is often the case with DDoS attacks, there was a significant financial cost to restore the service to business as usual. For the political party, their website was taken down during an important time in the political cycle, which caused severe disruption.

Points to consider

  • DDoS attacks are often carried out for motivations other than financial gain (e.g. political activism as seen above). This is important to bear in mind when assessing the threat to your own organisation - are you likely to be specifically targeted by actors looking to cause reputational harm?
  • PR control - following on from the above point on reputational damage, make sure that you have a plan in place to manage any potential media/stakeholder attention resulting from publicly evident attacks.
  • If your website is the critical part of your organisation, then think about prioritising defences to protect it, and how you are going to function if it suddenly becomes unavailable.
  • Be prepared for the possibility that a DoS attack can be sustained for a number of days with repeated attacks.
  • For a thorough guide on how to defend against DoS attacks, use the guide from the NCSC found on their website at https://www.ncsc.gov.uk/collection/denial-service-dos-guidance-collection.
  • If you or your organisation have been a victim of this or any other type of cyber crime, report it to Action Fraud, the UK's national cyber crime reporting centre, at https://www.actionfraud.police.uk/ or by phone on 0300 123 2040.
  • Action Fraud have a 24/7 reporting capability for live incidents such as DoS attacks.
