DISTRIBUTED DENIAL OF SERVICE

Industry Sector: Government
Attack Methodology: Denial of Service
Apparent Objective: Reputational damage/disruption

What happened?

This was an investigation into a Distributed Denial of Service (DDoS) attack targeting the website of a political party.

Impact
The attack consisted of a few separate DDoS attacks carried out over a number of days, which at points were able to bring down every website belonging to a large number of customers (not just the political party). Immediately after this, a Twitter account took responsibility for the attacks, citing their disdain for the victim as motivation.

The website service provider decided to contact a web security firm that provided DoS attack protection as a service. The firm's software was deployed onto the company's servers, which remedied the attack. The company also identified that the attack was a SYN flood-style attack, in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
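On the server side, a SYN flood shows up as a build-up of half-open connections (sockets in the SYN_RECV state). The following is an added example, not part of the original case study: it parses a constructed sample in the Linux /proc/net/tcp layout and flags ports where half-open connections outnumber established ones. The function names, thresholds and sample rows are assumptions.

```python
import socket
from collections import Counter

# Constructed sample in the Linux /proc/net/tcp layout (trailing columns omitted).
# st column: 0A = LISTEN, 01 = ESTABLISHED, 03 = SYN_RECV (handshake not completed).
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:01BB 00000000:0000 0A
   1: 0A00000A:01BB 076433C6:C350 01
   2: 0A00000A:01BB 057100CB:9C41 03
   3: 0A00000A:01BB 067100CB:9C42 03
   4: 0A00000A:01BB 077100CB:9C43 03
   5: 0A00000A:01BB 087100CB:9C44 03
   6: 0A00000A:01BB 087100CB:9C45 03
   7: 0A00000A:0016 096433C6:D431 01
"""

def parse_proc_net_tcp(text):
    """Yield (local_port, remote_ip, state) for each socket row."""
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        local_port = int(fields[1].split(":")[1], 16)
        # Addresses are hex in host byte order; reversed here assuming little-endian.
        remote_ip = socket.inet_ntoa(bytes.fromhex(fields[2].split(":")[0])[::-1])
        yield local_port, remote_ip, fields[3]

def half_open_report(text, min_half_open=4, ratio=2.0):
    """Return ports whose SYN_RECV count is high relative to ESTABLISHED."""
    half_open, established, sources = Counter(), Counter(), {}
    for port, remote_ip, state in parse_proc_net_tcp(text):
        if state == "03":
            half_open[port] += 1
            sources.setdefault(port, set()).add(remote_ip)
        elif state == "01":
            established[port] += 1
    alerts = {}
    for port, count in half_open.items():
        # Assumed thresholds: an absolute floor plus a ratio against normal traffic.
        if count >= min_half_open and count > ratio * established[port]:
            alerts[port] = {"half_open": count, "established": established[port],
                            "distinct_sources": len(sources[port])}
    return alerts

if __name__ == "__main__":
    for port, detail in half_open_report(SAMPLE).items():
        print(f"port {port}: {detail}")
```

On a live Linux host the same functions can be fed the contents of /proc/net/tcp, with thresholds tuned to the site's normal traffic.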

As is often the case with DDoS attacks, there was a significant financial cost to restore the service to business as usual. For the political party, their website was taken down during an important time in the political cycle, which caused severe disruption.

Points to consider

  • DDoS attacks are often carried out for motivations other than financial gain (e.g. political activism, as seen above). This is important to bear in mind when assessing the threat to your own organisation - are you likely to be specifically targeted by actors looking to cause reputational harm?
  • PR control - following on from the above point on reputational damage, make sure that you have a plan in place to manage any potential media/stakeholder attention resulting from publicly evident attacks.
  • If your website is the critical part of your organisation, then think about prioritising defences to protect it, and how you are going to function if it suddenly becomes unavailable.
  • Be prepared for the possibility that a DoS attack can be sustained for a number of days with repeated attacks.
  • For a thorough guide on how to defend against DoS attacks, use the guide from the NCSC found on their website at https://www.ncsc.gov.uk/collection/denial-service-dos-guidance-collection.
  • If you or your organisation have been a victim of this or any other type of cyber crime, report it to Action Fraud, the UK's national cyber crime reporting centre, at https://www.actionfraud.police.uk/ or via phone on 0300 123 2040.
  • Action Fraud have a 24/7 reporting capability for live incidents such as DoS attacks.
