lolloj - Fotolia
Several government websites have been forced offline for several hours, underlining the need for greater attention to be paid to distributed denial-of-service (DDoS) attacks.
Those affected includ the websites of Ireland’s Central Statistics Office, the Oireachtas (legislature of Ireland), the Department of Justice, the Department of Defence, and the Courts Services of Ireland.
The attacks, which typically flood websites with requests, started late on 21 January 2016. The websites were reportedly restored only by the following afternoon, disrupting government services.
The websites of mobile phone companies Meteor and Eir were also targeted by DDoS attacks, according to RTE News.
The attacks come just days after Ireland’s National Lottery website and ticket machines – and online forum site boards.ie – were also knocked offline by DDoS attacks.
While the Irish National Lottery claimed that its DDoS protection systems had restored normal operations in two hours, government departments were offline longer.
Cost of DDoS attacks
Although DDoS attacks have been around for many years, DDoS mitigations are still not part of standard cyber defences implemented by most companies.
DDoS attacks tend to be discounted because they do not typically result in any damage to IT systems or loss of data.
However, leading companies are including them as part of their cyber defence strategies because DDoS attacks can have a great impact on business operations and are becoming increasingly common as they become more powerful and easier to carry out.
In March 2015, a survey published by Neustar revealed that DDoS attacks could expose 40% of businesses in Europe to losses of £100,000 or more an hour at peak times.
In addition to the cost of downtime, Neustar said there is also the cost of dealing with increased demand on customer service call centres, risk management costs and even marketing costs to restore trust and brand reputation.
Hacktivist groups increase pressure
In recent months, DDoS attacks have been used by hacktivist groups to pressure targets on social and political issues, as well as cyber extortion groups who demand payment in return for halting DDoS attacks.
The rise in the use of DDoS attacks by hacktivist groups for politically motivated purposes has prompted leading organisations to include such attacks in their routine business risk assessments.
In January 2016, Nissan became the latest Japanese organisation to be targeted by DDoS attacks by hacktivist group Anonymous, as part of its campaign to raise awareness of Japan’s continued killing of whales and dolphins.
“The availability of DDoS as a service and large-scale botnets for hire makes it relatively easy to launch an attack that can even disrupt the operations of large, robust public websites that are designed to handle high traffic volumes,” said Mark Chaplain, vice-president for Europe at network security firm Ixia.
“Organisations can mitigate the effect of these attacks by reducing their attack surface – blocking web traffic from the large numbers of IP addresses that are known to be bot-infected, or are known sources of malware and DoS attacks.
“Using an appliance specifically for line-speed IP address filtering can deliver this protection by simply eliminating the malicious traffic, helping to keep resources running,” he said.
Read more about DDoS attacks
- DDoS attacks could expose 40% of businesses to losses of £100,000 or more an hour at peak times, a survey shows.
- All indications show that DDoS attacks are increasing in variety, number and size.
- Cyber threats evolve at the same pace as technology, and denial-of-service attacks are no different.
- Employ a mix of internal and cloud-based DDoS mitigation controls to minimise business disruptions from these increasingly complex attacks.