A large-scale and prolonged DDoS attack which caused outages in Europe and internationally for Wikipedia on Friday 6 evening into Saturday 7th September. The Wikimedia Foundation running Wikipedia site condemned the attack saying it wanted to protect the “fundamental right” for people to be able to “freely access and share information”.
News of the Wikipedia downtime was shared on Twitter:
Wikipedia has been experiencing intermittent outages today as a result of a malicious attack. We're continuing to work on restoring access. #wikipediadown
— Wikipedia (@Wikipedia) September 7, 2019
The use of residential IP addresses in this attack allows the bad actors to achieve two end closely related goals. The first and most obvious goal is to amplify the attack by distributing the traffic across a wide range of IP addresses. The second goal is to give the appearance that the attack traffic is legitimate by routing it through seemingly legitimate IP addresses (IoT devices). As described in the recently published research on Bulletproof Proxies, the explosion of home connected devices such as digital assistants, garage doors, refrigerators that are left unsecured allows bad actors to move towards crafting an automated attack that consists of a single request coming from millions of individual, residential IP address distributed globally.
What could be the reason for a DDoS attack on a site like Wikipedia which should ideally have all its checks in place?
There are many different motivations behind DDoS attacks, but most commonly those motivations are political, ethical or religious beliefs, extortion, competitive actions, notoriety, or as a smoke screen for other concurrent cyber attacks. The reason DDoS attacks are successful are simply because DDoS isn’t always perceived as a cybersecurity issue. Consider that DDoS doesn’t actually steal anything itself, beyond slowing or stopping businesses in some cases. DDoS is more of an uptime and reliability factor for businesses. Companies have to ask themselves what the cost is for downtime and media attention for these types of attacks–is the cost of mitigation worth the cost of downtime and brand? It’s a simple equation and one most businesses have already done. Wikipedia likely determined the cost of protection was more than the cost of DDoS business impact.
What could be the impact of the attack on Wikipedia as well as users?
The impact of the DDoS attack is a degradation of Wikipedia’s service. Users’ experience may be very slow or may be prevented altogether depending on the severity of the attack. Consider the difference in cost of downtime to a website like Wikipedia as compared to an e-commerce site in cyber Monday. Timing, strength and target are all considerations that impact how the user will be impacted.
With the scale and considering the attack is ongoing, what should be the best practices, that Wikipedia should follow at the moment?
DDoS is very hard to mitigate in a business’s own data centre because some DDoS attacks can send more traffic than any one data centre could support. A DDoS attack like this one, or of any size and strengths, could be mitigated in minutes using an anti-DDoS service like Imperva’s DDoS Protection.
Any other commentary that you would like to add in general, considering that DDoS attack still remain highly prevalent and damaging?
The only reason a business gets taken offline due to a DDoS attack these days is because they deemed DDoS attacks as a low priority attack and likely considered the impact of such an attack to be minimal to the business objectives overall.
Luckily a DDOS attack on a website may be nothing more than an inconvenience, but it could spell more trouble should threat actors believe they are a weak or easy target for future attacks. The most important way to respond to a DDOS is to strengthen security where possible and plug any gaps that may be currently open. If such an attack was a simple warning shot, further attacks could be imminent. As much as DDOS protection is strengthened, botnet power also increases and such an attack should not be given a blind eye.
The attack shows just how damaging a targeted DDoS campaign can be to an organization. Our Q2 2019 DDoS Report showed a massive 97% year-on-year increase in average attack bandwidths, up from 3.3Gbps in Q2 2018 to 6.6Gbps in Q2 2019, and peak attack volumes have also increased by 25% to nearly 200Gbps – which would overwhelm almost any online operation.
With DDoS-for-hire services offering attacks of between 10 and 100 Gbps to anyone for a modest fee, businesses that rely on their web presence need to deploy DDoS protection solutions that block attacks in the cloud, so that their critical online services can continue to operate without being disrupted.