Attacks on the Swedish and British government websites were reported recently, but I suspect many others go unreported or are contained by the government communications team.
Occasionally, you hear of a success story where an attack was circumvented. In one case I heard about, a distributed denial-of-service (DDoS) attack hit the Mexican Federal Electoral Institute (Instituto Federal Electoral (IFE)), a government organisation responsible for organising presidential elections, as well as the elections that make up the upper and lower chambers of the congress of the union.
So you may wonder why hacktivists wanted to attack this particular government. In this case, there was a major occasion on the horizon, the presidential elections. Therefore the CIO of IFE anticipated that attacks such as a DDoS would be launched and decided that preventative action was required.
He increased the dedicated bandwidth for the election process to over 600Mbps (around 300 times the average web connection in Mexico), worked with IFE's ISP to secure a managed DDoS service, in this case opting for Arbor Networks' Peakflow solution, and deployed Arbor's Pravail APS for on-premise protection, in order to maintain network availability.
Darren Anstee, EMEA solutions architect at Arbor Networks, told SC Magazine that the Mexican federal government was prepared in advance and increased its bandwidth so it was not taken down.
He said: “It is easy and they had a hybrid service so that the network and cloud defended against attacks.
“This was about political and ideological attacks against voting stations, but they all stayed up. You can prepare yourself, so it is not so much about DDoS attacks, but about preparation of services and processes.”
In the end, despite sustained attacks leading up to, during and after the elections by hacktivist groups, the government website maintained availability throughout and the elections passed without incident. Enrique Pena Nieto won decisively.
Asked about the state of DDoS attacks, Anstee said that the biggest attack vector remains the application layer, but that often it is a combination of layers that are attacked, especially when the attack comes from hacktivists such as Anonymous.
“We see a lot of noise directed at application layers and more sophisticated stuff also, such as UDP floods, SIEM floods and slow loris attacks. We do still see LOIC but it is usually more advanced. Attacks are a sophisticated business and with capabilities of attack vectors, it is getting more sophisticated,” he said.
“We do not see much DDoS on mobile, I am not sure whether this is not detected or whether it is not there. This will grow, and in future there will be more devices and faster speeds. This move will be because of a business need for mobile working, driven by YouTube and online videos.”
Earlier this year, Arbor Networks detected the first DDoS attacks against the IPv6 infrastructure, and the February report claimed that large volumetric DDoS attacks were the ‘new normal’.
It seems that while the defences are as strong as the attacks, the occasional success story may not hurt to boost morale among world governments.