NCSC issues DoS guidance following Wikipedia attack

The popular online knowledge sharing website experienced large outages at the weekend, prompting a response from Britain's cyber body


Following a "major DDoS attack" on Wikipedia causing the site to go down globally on Saturday, the National Cyber Security Centre (NCSC) has issued guidance to businesses, large and small, on how to prepare for and mitigate denial of service (DoS) attacks.

The cyber security arm of GCHQ indicates that having a full understanding of what causes a site's outage is important, as there are many different ways websites can be knocked offline. Some outages are caused by malicious attacks, but others can be due to unforeseen traffic being directed to a site following a successful social media post, for example.


It said a minimal DoS response plan should be in place in any business that operates on the Web. Depending on the size of the business, service outages can be hugely expensive - service downtime is estimated to cost 2,140 per minute, according to recent figures.

A minimal response plan consists of four parts: confirming that the incident is an attack, understanding the nature of the attack, deploying mitigations and recovering.

If a business is confident it is actually under attack and not just experiencing unusually high legitimate traffic, the NCSC advises contacting ActionFraud, a 24/7 cyber reporting service for businesses, as the police and the NCSC can't often respond in real time.


Understanding the nature of the attack is important as it will dictate the way businesses should respond. For example, understanding which IP address is under attack means it can be possible to restrict access to that domain in order to restore other services.


Making these kinds of changes should always be logged, the body said, so that the business can return to a known state once the attack is over.

Although distributed denial of service (DDoS) attacks don't usually last more than three hours, it's not uncommon for attacks to come in bursts, so a business should be wary of the attacker coming back before making a full recovery.

"It is not possible to fully mitigate the risk of a denial of service attack affecting your service, but there are some practical steps that will help you be prepared to respond," said the NCSC.

Wikipedia confirmed on Saturday that the site was downed for users worldwide due to a malicious attack in several countries. Microsoft's Xbox Live gaming service also experienced major outages on the same day, although no connection between the two has been established.

The attack caused around nine hours of intermittent global outages, according to NetBlocks, an internet security monitoring firm.

"Luckily a DDoS attack on a website may be nothing more than an inconvenience, but it could spell more trouble should threat actors believe they are a weak or easy target for future attacks," said Jake Moore, cyber security specialist at ESET.


"The most important way to respond to a DDoS is to strengthen security where possible and plug any gaps that may be currently open."

Due to it being one of the most popular sites in the world, Wikipedia has a tendency to attract bad actors, according to a Wikimedia Foundation blog post.

"We condemn these sorts of attacks," it said. "They're not just about taking Wikipedia offline. Takedown attacks threaten everyone's fundamental rights to freely access and share information. We in the Wikimedia movement and Foundation are committed to protecting these rights for everyone."

To be fully prepared for a DoS-related outage, businesses should ensure their operations are scalable so in the event that a massive spike in traffic does hit the site, the infrastructure can automatically account for it and assign greater resources to accommodate it, according to the NCSC.

Regular testing of the network's defences and monitoring should be carried out in addition to having a solid response plan in place.
