The UK Labour party was recently hit by a large scale DDOS attack on its digital platforms. The incident was reported to the National Cyber Security Centre, but the party is confident there was no data breach.
This may be the first cyber attack of the pre-election period, but it probably won’t be the last. Cyber attacks on political groups and campaigns have become common place, the most high profile being the 2016 US presidential campaign, which continues to resound in US politics. But that isn’t an isolated incident and recent research from Microsoft found over 800 such attacks in the last year, including four DDOS attacks on a democratic congressional candidate’s website during a US state primary.
DDOS attacks are common
DDOS attacks draw on multiple endpoints to overwhelm a server and reduce (or prevent) access to a website or online application. They are a fairly natural fit for hacktivists or disengaged politicos as they prevent genuine traffic and are reputationally damaging. If a service is disrupted or restarted, DDOS attacks can also aid in a data breach.
But DDOS attacks are used more broadly and they continue to rise in terms of frequency, with an 18% increase in the second quarter of 2019, compared to the same time last year. But the volume of attacks isn’t the only problem. They are also becoming more powerful, with the 2018 attack on GitHub topping out at 1.3Tbps versus major attacks in 2014 reaching 400-500Gbps.
One reason behind the increased bandwidth in DDOS attacks is the growth of the Internet of Things (IoT). In 2016 the Mirai botnet leveraged IoT devices to launch a DDOS attack on DNS provider Dyn, taking major sites offline including Twitter, Netflix, Reddit, Soundcloud, Spotify and CNN amongst others. Since then, the use of IoTs has been a regular feature and as 5G becomes widespread, increased internet speeds and lower latency means these sorts of attacks are likely to increase further.
Preventing a DDOS attack
As ever, practicing good cyber hygiene is a must - such as, applying effective firewalls, anti-virus, threat detection, monitoring and good patch management. But there are a number of commercially available tools to monitor server traffic and flag unusually high activity, helping to identify and stop DDOS attacks sooner. Cyber incident management and resilience procedures should consider the impact of a DDOS attack, with clearly defined roles and responsibilities to resume business as usual.
A National Cyber Security Centre spokesman said the Labour Party followed the correct procedure and notified them swiftly of Monday's cyber-attack, adding: "The attack was not successful and the incident is now closed."