On Saturday the UK National Lottery's website was down – just as those players who stake online, rather than in retailers, were trying to pick their numbers and part with their cash – thanks to a DDoS attack.
Hitting a retail business causes it to loose money, but in the case of many time-sensitive events, that money can never be recouped, which was why newspaper print unions were so strong – yesterday's news is no good tomorrow, and a bet now on last night's lottery won't win you much either. Both the gaming sites and the DDoS attackers know this, making gaming both highly targeted and highly defended.
On the other hand, although there are other lotteries, there are not a lot of direct competitors to the National Lottery, so while it offered an apology to those customers unable to use its smartphone app or access its website, a quick fix is likely to retain their custom, but each hit is a direct revenue loss.
According to downdetector, and later confirmed by the National Lottery, the cause was indeed a DDoS attack, but it is not clear if it was the subject of a ransom, or if it might have been a demonstration of capability ahead of a future threat of attack.
Kirill Kasavchenko, principal security technologist at Arbor Networks emailed SC Media UK to comment: “This latest DDoS attack shows that cyber-criminals are still up to old tricks, this time deliberately targeting the National Lottery website at a time of peak demand. We can also see that response plans are often not up to scratch, with the incident lasting 90 minutes. Websites who are unable to contain a DDoS attack like this risk losing their audience to competitors if they are unable to minimise the disruption, so it is essential that organisations expect cyber-attacks and know how they will respond.
“All organisations must examine their current DDoS defences, and decide whether their current processes are robust enough to ensure operations will not be halted by a DDoS attack. To guard against such attacks, organisations should implement best current practices for DDoS defence. That includes hardening network infrastructures, ensuring complete visibility of all network traffic, and implementing sufficient DDoS mitigation capacity and capabilities. Those mitigation defences ideally should be a combination of on-premises and cloud-based DDoS mitigation services. It is also crucial that organisations ensure their DDoS defence plan is kept updated and is rehearsed on a regular basis.”