Users of online encyclopedia Wikipedia around the world were left unable to access the website after it was hit by a distributed denial-of-service (DDoS) attack over the weekend.
According to Tech Radar, users in the UK, France, Germany, Italy and parts of the Middle East were affected, with the website reportedly down for periods of time over the weekend.
The attack was first detected on Friday evening, with problems continuing until Monday morning. Video game developer Blizzard Entertainment, the company behind World of Warcraft, was also affected by a separate attack over the weekend.
Wikimedia, the parent company of Wikipedia, said that it had been affected by a “malicious attack that had taken it offline in several countries for intermittent periods” with “bad-faith actors” behind the incident.
Wikimedia’s German Twitter account shed more light on the situation, saying that Wikipedia’s servers had been “paralysed by a massive and very broad DDoS attack”.
What is a DDoS attack?
A DDoS attack deliberately floods a system with more traffic than its servers can handle, usually using a botnet, causing the system to crash. The aim is to disrupt a particular website or organisation, as the affected network or server cannot operate as normal.
According to Netscout, DDoS attacks cost the UK economy around £1bn each year, with 86% of major UK enterprises attacked at least once in 2018.
What was the motivation for the Wikipedia DDoS attack?
Unlike most other types of cyberattack, a DDoS attack is not primarily motivated by financial gain or by obtaining personal information (although attackers may demand financial payment in return for not carrying out an attack).
According to Terry Ray, senior vice president and fellow at Imperva, the motivation behind DDoS attacks varies considerably and can be “political, ethical or religious beliefs, extortion, competitive actions, notoriety, or as a smokescreen for other concurrent cyber attacks.”
For some, the motivation may be political, with hacktivists targeting websites of particular organisations, governments or individuals to make a political statement. In 2015, hacktivist group Anonymous launched an attack against Turkish government agencies, alleging that Turkey had supported terrorist group ISIS.
In the case of the Wikipedia DDoS attack, neither those behind the attack nor their motivation for targeting the free resource has yet come to light. A desire to simply cause disruption or exploit vulnerabilities is a possible motive.
Wikimedia responded to the DDoS attack by saying that it threatened “everyone’s fundamental rights to freely access and share information”.
“DDoS isn’t always perceived as a cybersecurity issue”
Regardless of the motivation, Ray believes that the incident highlights the importance of preventing DDoS attacks, an area often overlooked when it comes to an organisation’s cybersecurity:
“The reason DDoS attacks are successful is simply because DDoS isn’t always perceived as a cybersecurity issue. Consider that DDoS doesn’t actually steal anything itself, beyond slowing or stopping businesses in some cases. DDoS is more of an uptime and reliability factor for businesses.
“Companies have to ask themselves what the cost is for downtime and media attention for these types of attacks – is the cost of mitigation worth the cost of downtime and brand? It’s a simple equation and one most businesses have already done. Wikipedia likely determined the cost of protection was more than the cost of DDoS business impact.”
He believes that their impact should not be underestimated:
“The impact of the DDoS attack is a degradation of Wikipedia’s service. Users’ experience may be very slow or may be prevented altogether depending on the severity of the attack. Consider the difference in cost of downtime to a website like Wikipedia as compared to an e-commerce site on Cyber Monday. Timing, strength and target are all considerations that impact how the user will be impacted.”
Ray urges businesses to prioritise their prevention:
“The only reason a business gets taken offline due to a DDoS attack these days is because they deemed DDoS attacks as a low-priority attack and likely considered the impact of such an attack to be minimal to the business objectives overall.”