NCSC issues DoS guidance following Wikipedia attack

The popular online knowledge sharing website experienced large outages at the weekened, prompting a response from Britain's cyber body

DoS mockup

Following a "major DDoS attack" on Wikipedia causing the site to go down globally on Saturday, the National Cyber Security Centre (NCSC) has issued guidance to businesses, large and small, on how to prepare for and mitigate denial of service (DoS) attacks.

The cyber security arm of GCHQ indicates that having a full understanding of what causes a site's outage is important as there are many different ways websites can be knocked offline. Some can be malicious attacks but it can also be due to unforeseen traffic being directed to a site following a successful social media post, for example.

It said a minimal DoS response plan should be in place in any business that operates on the Web. Depending on the size of the business, service outages can be hugely expensive - service downtime is estimated to cost 2,140 per minute, according to recent figures.

A minimal response plan consists of four parts: confirming that the incident is an attack, understanding the nature of the attack, deploying mitigations and recovering.

If a business is confident it is actually under attack and not just experiencing unusually high legitimate traffic, the NCSC advises to contact ActionFraud, a 24/7 cyber reporting service for businesses as the police and the NCSC can't often respond in real-time.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Understanding the nature of the attack is important as it will dictate the way businesses should respond. For example, understanding which IP address is under attack means it can be possible to restrict access to that domain in order to restore other services.

Making these kinds of changes should always be logged, the body said, so that the business can return to a known state once the attack is over.

Although distributed denial of service (DDoS) attacks don't usually last more than three hours, it's not uncommon for attacks to come in bursts, so a business should be wary of the attacker coming back before making a full recovery.

"It is not possible to fully mitigate the risk of a denial of service attack affecting your service, but there are some practical steps that will help you be prepared to respond," said the NCSC.

Wikipedia confirmed on Saturday that the site was downed for users worldwide due to a malicious attack in several countries. Microsoft's Xbox Live gaming service also experienced major outages on the same day, although no connection between the two has been established.

Advertisement - Article continues below

The attack caused around nine hours of intermittent global outages according to Netblock, an internet security monitoring firm.

"Luckily a DDOS attack on a website may be nothing more than an inconvenience, but it could spell more trouble should threat actors believe they are a weak or easy target for future attacks," said Jake Moore, cyber security specialist at ESET.

"The most important way to respond to a DDoS is to strengthen security where possible and plug any gaps that may be currently open."

Due to it being one of the most popular sites in the world, Wikipedia has a tendency to attract bad actors, according to a Wikimedia Foundation blog post.

"We condemn these sorts of attacks," it said. "They're not just about taking Wikipedia offline. Takedown attacks threaten everyone's fundamental rights to freely access and share information. We in the Wikimedia movement and Foundation are committed to protecting these rights for everyone."

Advertisement
Advertisement - Article continues below

To be fully prepared for a DoS-related outage, businesses should ensure their operations are scalable so in the event that a massive spike in traffic does hit the site, the infrastructure can automatically account for it and assign greater resources to accommodate it, according to the NCSC.

Advertisement - Article continues below

Regular testing of the network's defences and monitoring should be carried out in addition to having a solid response plan in place.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/354584/windows-10-and-the-tools-for-agile-working
Sponsored

Windows 10 and the tools for agile working

20 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020