Cyber attacks on political groups and campaigns are becoming more common. Are they now par for the course and what can political targets do to stop them?

The UK Labour Party was recently hit by a large scale distributed denial-of-service (DDoS) attack on its digital platforms. The incident was reported to the National Cyber Security Centre, but the party is confident there was no data breach.

This may be the first cyber attack of the pre-election period, but it probably won’t be the last. Politically motivated cyber attacks have become commonplace, the most high profile being the 2016 US presidential campaign, which continues to resound in US politics. But that isn’t an isolated incident and recent research from Microsoft found over 800 such attacks in the last year, including four DDoS attacks on a Democratic congressional candidate’s website during a US state primary.

DDoS attacks are common

DDoS attacks draw on multiple endpoints to overwhelm a server and reduce (or prevent) access to a website or online application. They are a fairly natural fit for hacktivists or disengaged politicos as they prevent genuine traffic and are reputationally damaging. If a service is disrupted or restarted, DDoS attacks can also aid in a data breach. 

But DDoS attacks are used more broadly and they continue to rise in terms of frequency, with an 18% increase in the second quarter of 2019, compared with the same time last year. The volume of attacks isn’t the only problem. They are also becoming more powerful, with the 2018 attack on GitHub topping out at 1.3 Tbps versus major attacks in 2014 reaching 400-500 Gbps.

One reason behind the increased bandwidth in DDoS attacks is the growth of the Internet of Things (IoT). In 2016 the Mirai botnet leveraged IoT devices to launch a DDoS attack on DNS provider Dyn, taking major sites offline including Twitter, Netflix, Reddit, Soundcloud, Spotify and CNN among others. Since then, the use of IoTs has been a regular feature and as 5G becomes widespread, increased internet speeds and lower latency means these sorts of attacks are likely to increase further

How to stop a DDoS attack

As ever, practising good cyber hygiene is a must: such as applying effective firewalls, anti-virus, threat detection, monitoring and good patch management. But there are a number of commercially available tools to monitor server traffic and flag unusually high activity, helping to identify and stop DDoS attacks sooner. Cyber incident management and resilience procedures should consider the impact of a DDoS attack, with clearly defined roles and responsibilities to resume business as usual.