Posted on October 3, 2017 at 11:15 AM
This past weekend the UK National Lottery’s website suffered a DDoS attack which led to systems being down for 90 minutes during peak time.
The UK National Lottery recently confirmed that its website was down for over 90 minutes due to a DDoS attack. The attack was launched on Saturday, a peak time for the website.
Purchasing Lottery tickets online has become popular amongst Lottery players as it is less time consuming than purchasing one in store. However, the 90-minute downtime meant that thousands of players could not buy their lottery tickets, resulting in a huge loss for the UK National Lottery.
The downtime was first detected and later confirmed by the National Lottery to be due to a DDoS attack. The National Lottery took to Twitter to apologize to their users. It is still unknown whether the attack was a ransom attack or rather a demonstration of future threats to come.
We're very sorry that many players are currently unable to access The National Lottery website or app. Our 46,000 retailers are unaffected.
— The National Lottery (@TNLUK) September 30, 2017
According to Kirill Kasavchenko, a principal security technologist at Arbor Networks, this latest targeting of the National Lottery, especially at peak activity time, demonstrates that there are still dedicated hackers out there. The website being down for up to 90 minutes also indicates that companies should work on their response time and have a policy in place in the event of a malicious attack. DDoS attacks of this scale can cause a reputable institution such as the National Lottery to lose its audience.
Any company can fall victim to a DDoS attack, which is why Kasavchenko stressed that all organizations should ensure that they have optimal DDoS protection as well as a response policy in place. To strengthen defenses, Kasavchenko recommended companies look into hardening network infrastructures, ensuring visibility of all network traffic, and implementing sufficient DDoS mitigation capabilities.
“All organizations must examine their current DDoS defenses, and decide whether their current processes are robust enough to ensure operations will not be halted by a DDoS attack. To guard against such attacks, organizations should implement best current practices for DDoS defense. That includes hardening network infrastructures, ensuring complete visibility of all network traffic, and implementing sufficient DDoS mitigation capabilities.”
Gambling websites have become an irresistible target for a malicious attacker, not only because of the monetary aspect but also because they store huge volumes of sensitive data on their users, including personal information and financial information.
In 2016, William Hill’s website experienced a similar attack. The website was targeted on a Tuesday evening just as the UEFA League games were being played. Fortunately for the company, only the website was affected while the smartphone app continued normal functioning.
Other popular non-gambling websites have also been targeted with DDoS attacks, such as Spotify, SoundCloud, and Twitter.
It is thought, however, that targeting a high-profile website such as the UK National Lottery indicates a possible new wave in cybercrime, where hackers will target companies that could suffer a great loss if hacked.
The UK National Lottery was attacked at its peak activity time of the week. While a cost estimate has not yet been released, it can be assumed that the National Lottery suffered a great loss when users were unable to buy a ticket for a whole 90 minutes.
Kasavchenko and many other security experts have long urged companies to take cybercrime more seriously and to address it by implementing strong defenses and security policies, to prevent great losses and avoid putting their clients’ information at risk. Hopefully, this latest attack will urge other companies to implement better security defenses.