A distributed denial of service (DDoS) attack shut down the National Lottery website for over an hour on Sunday night, Camelot has confirmed.
Thousands of people were unable to buy tickets from the National Lottery website while the attack was under way.
According to Camelot, unknown hackers flooded the National Lottery website with online traffic at 6 PM on Sunday, causing a shutdown that lasted around 90 minutes. The DDoS attack prevented thousands of people from buying lottery tickets from the website until 7:30 PM on Sunday.
“Unfortunately, as experienced by many companies, The National Lottery website was subject to a DDoS (Distributed Denial of Service) incident for around 90 minutes this evening (from around 6 pm until 7.30pm).
“This affected players trying to buy tickets from our website and via our App, although players could still buy tickets from one of our 46,000 retailers. We would like to apologise to players for the inconvenience caused in this case,” said Camelot in a statement.
It is not known whether the hackers behind the DDoS attack had any motive beyond taking the lottery website offline. In November of last year, cyber criminals accessed around 26,500 National Lottery accounts after breaching the site, and it is not known whether the same hackers are behind both incidents.
Despite accessing thousands of accounts last year, hackers were unable to get their hands on any sensitive or financial information as National Lottery online accounts did not contain any such data.
Even though Camelot had then suspended fewer than 50 altered accounts and had instigated a compulsory password reset on the full 26,500 accounts that were compromised, a repeat cyber attack on the website suggests that not much was done since then to improve the website's defence against improvised DDoS or malware attacks.
"Websites that are unable to contain a DDoS attack like this risk losing their audience to competitors if they are unable to minimise the disruption, so it is essential that organisations expect cyber-attacks and know how they will respond," says Kirill Kasavchenko, Principal Security Technologist at Arbor Networks.
Kasavchenko adds that organisations must review their cyber defences against DDoS attacks to gauge whether they are robust enough to keep websites operating despite such attacks. He says organisations should harden network infrastructures, ensure complete visibility of all network traffic, and implement sufficient DDoS mitigation capacity and capabilities.
“Cyber-criminals are an ever-present threat, so organisations must act now to protect their operations from damaging interferences,” he concludes.