The Labour Party's digital platforms have been subjected to a second DDoS attack using botnets today (Tuesday), after the party reported a "sophisticated and large-scale cyber-attack" yesterday.
On Monday users within the office of SC Media UK’s parent company Haymarket told SC Media UK that they were unable to access the party’s main website; subsequent security procedures were reported to have slowed down some election campaign activities, but by this morning were said to be "back up to full speed" according to a Labour spokeswoman. The spokeswoman was also reported as saying: "We took swift action and these attempts failed due to our robust security systems. The integrity of all our platforms was maintained and we are confident that no data breach occurred."
Labour says no data has been stolen in the second attack either, adding: "...users may be experiencing some differences. We are dealing with this quickly and efficiently."
Labour's head of campaigns, Niall Sookoo, was reported as saying: "Yesterday afternoon our security systems identified that, in a very short period of time, there were large-scale and sophisticated attacks on Labour party platforms which had the intention of taking our systems entirely offline.
"Every single one of these attempts failed due to our robust security systems and the integrity of all our platforms and data was maintained."
The attack has been reported to the National Cyber Security Centre.
No attribution has been made, including as to whether domestic opponents could be responsible ahead of the 12 December election, but it now appears the attack was not the work of a state attacker and so is not related to Labour's current calls for the release of a government report on alleged interference in UK politics by Russia.
In an email to SC Media UK, Piers Wilson, head of product management at Huntsman Security, commented: "The Labour Party’s announcement highlights the risks the whole country faces in the run up to the General Election. There have been widespread attempts to manipulate elections and public opinion through hostile media and social media activity in the past. But direct disruption or manipulation of the election process itself, news media or political parties could cause chaos, disruption or disinformation on a much larger scale. This needn’t focus on the final vote. As we have seen today, attacks on political parties or other organisations involved in the process can be just as effective – especially if they are softer targets or could sway public opinion.
"We must ensure that our elections – and our democracy – are secured from cyber-criminals and other outside bodies looking to influence and subvert both the election and run-up to it. The announcement today may not be the last: all parties and other organisations must be ready to defend themselves from potential hackers to ensure that the election can take place in a fair and unbiased manner."
Carl Wearn, head of e-crime at Mimecast, emailed SC Media UK to note how: "A Distributed Denial of Service (DDoS) attack is relatively simple to carry out and involves overwhelming a website with traffic so that it slows down and becomes inoperable. Websites need to be able to handle increased volume of traffic at various times and this is achieved by testing and potentially throttling the throughput of communication. There is an increased risk during such an attack that simultaneous efforts are made to compromise the site and any related infrastructure whilst it is not functioning properly. This can lead to more significant long term compromise and data loss."
Wearn concludes that, given the targeting of this attack, it is almost certainly some form of hacktivism or hostile state-sponsored activity, which could be aimed at exfiltrating sensitive information from the Labour party's infrastructure as we approach an election. "I would urge them, and anyone suffering from a similar form of attack, to carefully review their logs and internal data for any indicators of compromise following such an attack to ensure that no long term compromise or data exfiltration has taken place."
"There is recent guidance from the National Cyber Security Centre (NCSC) dated 7th September 2019 which was re-issued following the Wikileaks hack. I would urge organisations to read and understand the advice given in that guidance."
Kaspersky issued a statement on the attack saying: "We see DDoS attacks being leveraged against political parties frequently – it is almost commonplace, especially in the run-up to elections. Our latest DDoS figures show a huge spike in overall activity in September 2019 – whilst the average duration of sophisticated DDoS attacks in Q3 2019 has almost doubled compared to Q3 2018. To ensure they are safe against such attacks, all organisations must regularly review their information security processes – not just during heightened threat periods – and educate staff on how to keep their own, and others’, information secure."