Two separate DDoS attacks struck the Labour Party's website on Tuesday, temporarily disrupting its operation but ultimately failing to take the website down either temporarily or permanently.
While the first DDoS attack failed to create any impact, the second wave of DDoS attacks left the Labour Party website running at sub-optimal speed. The website is presently being protected by Cloudflare's DDoS protection service and is not accessible to visitors at the moment.
"We have ongoing security processes in place to protect our platforms, so users may be experiencing some differences. We are dealing with this quickly and efficiently," said a Labour Party spokesperson.
In a statement issued yesterday, the National Cyber Security Centre said that the cyber incident affecting the Labour Party was a Distributed Denial of Service (DDoS) attack that sought to disrupt web services by overwhelming them with traffic.
"DDoS attacks are a common form of attack, used by a very wide range of attackers. Mitigation techniques are available and worked in this case. The nature of DDoS attacks often makes it difficult to attribute responsibility for them to a particular group.
"The NCSC has worked closely with political parties for several years on how to protect and defend against cyber attacks. We met the major parties last week ahead of the General Election.
"In terms of this incident, the Labour Party followed the correct, agreed procedures and notified us swiftly. The NCSC is confident the party took the necessary steps to deal with the attack. The attack was not successful and the incident is now closed," it added.
Ronan David, VP of Business Development at EfficientIP told TEISS that the DDoS attack reportedly used botnets to amplify its effectiveness, allowing hackers to flood the political party’s digital platform and block legitimate users from accessing the website.
Political parties must ensure their systems are resilient to DDoS attacks
"While this mainly impacted on IT systems’ efficiency, DDoS attacks can be significantly disruptive, as shown recently by the city of Johannesburg and Amazon Web Services both being crippled by the same tactic. As such, detection and mitigation of sophisticated attacks requires continuous vigilance and purpose-built DNS security, otherwise critical functions of essential services could cease to function without warning.
"The latest cyber attack on the British Labour Party was unsuccessful in extracting data this time round, but attacks on political bodies like these risk exposing extremely sensitive personal information or, at worst, potentially interfering with the UK’s politics at a sensitive time," he added.
"They [DDoS attacks] don’t normally represent any threat to data or information and can be defended against and recovered from quite easily if the victim has robust cybersecurity policies in place. It’s hardly surprising that the Labour Party has been targeted given the current political landscape in the U.K.
"If anything this should serve as a warning to all the other parties and organisations responsible for the secure administration of our democracy to ensure they have their digital houses in order," said Brian Higgins, security specialist at Comparitech.com.
"The recent attempted attack on the UK Labour Party underscores a significant issue impacting nations worldwide. Whilst this latest attempt at disrupting the democratic process points to a DDOS attack, which was thankfully foiled, these types of attacks are often used as diversions whilst others are being carried out. As such, UK political parties need to be on high alert over the next month pending the UK General Election and be monitoring for cyber threats against the country’s democratic tools," said Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint.
"Other threats we have seen deployed against the election process include targeted email attacks, designed to gain access and publicise sensitive party data during the critical final stages of a campaign, and influence the result.
"Additionally, we have seen threat actors spoof the identities of political parties to spread misinformation and mislead voters with ‘fake news’. The fake news phenomenon poses a serious threat to political parties and figures that need to protect their brands and reputations online, to safeguard election successes and long term public trust," he added.