NCSC issues DoS guidance following Wikipedia attack

The popular online knowledge sharing website experienced large outages at the weekened, prompting a response from Britain's cyber body

DoS mockup

Following a "major DDoS attack" on Wikipedia causing the site to go down globally on Saturday, the National Cyber Security Centre (NCSC) has issued guidance to businesses, large and small, on how to prepare for and mitigate denial of service (DoS) attacks.

The cyber security arm of GCHQ indicates that having a full understanding of what causes a site's outage is important as there are many different ways websites can be knocked offline. Some can be malicious attacks but it can also be due to unforeseen traffic being directed to a site following a successful social media post, for example.

It said a minimal DoS response plan should be in place in any business that operates on the Web. Depending on the size of the business, service outages can be hugely expensive - service downtime is estimated to cost 2,140 per minute, according to recent figures.

A minimal response plan consists of four parts: confirming that the incident is an attack, understanding the nature of the attack, deploying mitigations and recovering.

If a business is confident it is actually under attack and not just experiencing unusually high legitimate traffic, the NCSC advises to contact ActionFraud, a 24/7 cyber reporting service for businesses as the police and the NCSC can't often respond in real-time.

Advertisement
Advertisement - Article continues below

Understanding the nature of the attack is important as it will dictate the way businesses should respond. For example, understanding which IP address is under attack means it can be possible to restrict access to that domain in order to restore other services.

Making these kinds of changes should always be logged, the body said, so that the business can return to a known state once the attack is over.

Although distributed denial of service (DDoS) attacks don't usually last more than three hours, it's not uncommon for attacks to come in bursts, so a business should be wary of the attacker coming back before making a full recovery.

"It is not possible to fully mitigate the risk of a denial of service attack affecting your service, but there are some practical steps that will help you be prepared to respond," said the NCSC.

Wikipedia confirmed on Saturday that the site was downed for users worldwide due to a malicious attack in several countries. Microsoft's Xbox Live gaming service also experienced major outages on the same day, although no connection between the two has been established.

The attack caused around nine hours of intermittent global outages according to Netblock, an internet security monitoring firm.

"Luckily a DDOS attack on a website may be nothing more than an inconvenience, but it could spell more trouble should threat actors believe they are a weak or easy target for future attacks," said Jake Moore, cyber security specialist at ESET.

"The most important way to respond to a DDoS is to strengthen security where possible and plug any gaps that may be currently open."

Due to it being one of the most popular sites in the world, Wikipedia has a tendency to attract bad actors, according to a Wikimedia Foundation blog post.

"We condemn these sorts of attacks," it said. "They're not just about taking Wikipedia offline. Takedown attacks threaten everyone's fundamental rights to freely access and share information. We in the Wikimedia movement and Foundation are committed to protecting these rights for everyone."

Advertisement
Advertisement - Article continues below

To be fully prepared for a DoS-related outage, businesses should ensure their operations are scalable so in the event that a massive spike in traffic does hit the site, the infrastructure can automatically account for it and assign greater resources to accommodate it, according to the NCSC.

Regular testing of the network's defences and monitoring should be carried out in addition to having a solid response plan in place.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019