NCSC issues DoS guidance following Wikipedia attack

The popular online knowledge sharing website experienced large outages at the weekened, prompting a response from Britain's cyber body

DoS mockup

Following a "major DDoS attack" on Wikipedia causing the site to go down globally on Saturday, the National Cyber Security Centre (NCSC) has issued guidance to businesses, large and small, on how to prepare for and mitigate denial of service (DoS) attacks.

The cyber security arm of GCHQ indicates that having a full understanding of what causes a site's outage is important as there are many different ways websites can be knocked offline. Some can be malicious attacks but it can also be due to unforeseen traffic being directed to a site following a successful social media post, for example.

It said a minimal DoS response plan should be in place in any business that operates on the Web. Depending on the size of the business, service outages can be hugely expensive - service downtime is estimated to cost 2,140 per minute, according to recent figures.

A minimal response plan consists of four parts: confirming that the incident is an attack, understanding the nature of the attack, deploying mitigations and recovering.

If a business is confident it is actually under attack and not just experiencing unusually high legitimate traffic, the NCSC advises to contact ActionFraud, a 24/7 cyber reporting service for businesses as the police and the NCSC can't often respond in real-time.

Understanding the nature of the attack is important as it will dictate the way businesses should respond. For example, understanding which IP address is under attack means it can be possible to restrict access to that domain in order to restore other services.

Making these kinds of changes should always be logged, the body said, so that the business can return to a known state once the attack is over.

Although distributed denial of service (DDoS) attacks don't usually last more than three hours, it's not uncommon for attacks to come in bursts, so a business should be wary of the attacker coming back before making a full recovery.

"It is not possible to fully mitigate the risk of a denial of service attack affecting your service, but there are some practical steps that will help you be prepared to respond," said the NCSC.

Wikipedia confirmed on Saturday that the site was downed for users worldwide due to a malicious attack in several countries. Microsoft's Xbox Live gaming service also experienced major outages on the same day, although no connection between the two has been established.

The attack caused around nine hours of intermittent global outages according to Netblock, an internet security monitoring firm.

"Luckily a DDOS attack on a website may be nothing more than an inconvenience, but it could spell more trouble should threat actors believe they are a weak or easy target for future attacks," said Jake Moore, cyber security specialist at ESET.

"The most important way to respond to a DDoS is to strengthen security where possible and plug any gaps that may be currently open."

Due to it being one of the most popular sites in the world, Wikipedia has a tendency to attract bad actors, according to a Wikimedia Foundation blog post.

"We condemn these sorts of attacks," it said. "They're not just about taking Wikipedia offline. Takedown attacks threaten everyone's fundamental rights to freely access and share information. We in the Wikimedia movement and Foundation are committed to protecting these rights for everyone."

To be fully prepared for a DoS-related outage, businesses should ensure their operations are scalable so in the event that a massive spike in traffic does hit the site, the infrastructure can automatically account for it and assign greater resources to accommodate it, according to the NCSC.

Regular testing of the network's defences and monitoring should be carried out in addition to having a solid response plan in place.

Featured Resources

Humility in AI: Building trustworthy and ethical AI systems

How humble AI can help safeguard your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Leadership compass: Privileged Access Management

Securing privileged accounts in a high-risk environment

Download now

Why you need to include the cloud in your disaster recovery plan

Preserving data for business success

Download now

Recommended

What is AES encryption?
Advanced Encryption Standard (AES)

What is AES encryption?

30 Nov 2020
UK's Huawei 5G ban brought forward to September 2021
Security

UK's Huawei 5G ban brought forward to September 2021

30 Nov 2020
Hacker claims to be selling C-suite executives' Microsoft credentials
Security

Hacker claims to be selling C-suite executives' Microsoft credentials

30 Nov 2020
What are biometrics?
Security

What are biometrics?

27 Nov 2020

Most Popular

80% of cyber professionals say the Computer Misuse Act is working against them
Security

80% of cyber professionals say the Computer Misuse Act is working against them

20 Nov 2020
Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020