Wikipedia and World of Warcraft Classic Targeted for DDoS Attacks
Distributed denial-of-service (DDoS) attacks made the headlines again over the weekend, this time against the popular online encyclopedia Wikipedia and the popular online role-playing game World of Warcraft Classic. These latest incidents show that malicious actors continue to target vulnerable devices and online services for DDoS attacks.
In a statement released on September 7, the Wikimedia Foundation said that Wikipedia was hit with a “malicious attack”, making the site inaccessible to visitors in several countries for intermittent periods. Wikimedia Deutschland, meanwhile, outright called the incident a “DDoS attack”, announcing via its Twitter account that Wikimedia servers, on which Wikipedia is also hosted, were being “paralyzed by a massive and very broad DDoS attack”.
According to a report by the civil society group NetBlocks, Wikipedia became intermittently unavailable from approximately 6:00 p.m. UTC on September 6, 2019; at 1:30 a.m. UTC the attack extended to a near-total outage in the United States and much of the world, continuing until 2:40 a.m. UTC.
Also on September 7, Blizzard Entertainment, owner of World of Warcraft Classic, said via its Twitter account, “Some online services continue to be impacted by a series of DDoS attacks which are resulting in high latency and disconnections.”
It isn’t yet confirmed whether the DDoS attacks on Wikipedia and World of Warcraft Classic are related. A Twitter account claiming responsibility for the DDoS attacks on Wikipedia and World of Warcraft Classic was taken down by Twitter.
Prevalence of DDoS Attacks
Wikipedia and Blizzard Entertainment are no strangers to DDoS attacks. On May 15, 2019, NetBlocks reported that Wikipedia became temporarily unavailable internationally. NetBlocks said that its global internet observatory data showed that the incident wasn’t related to filtering or blocking and was instead likely caused by a DDoS attack.
NetBlocks said that DDoS attacks are distinct from state filtering or blocking, as these attacks have broader international impact but typically last for short periods. Wikipedia is totally blocked in Turkey, is varyingly restricted in China, and was briefly filtered in Venezuela early this year.
In August 2017, meanwhile, Blizzard Entertainment reported another set of DDoS attacks on its networks. No person or group has taken responsibility for the 2017 DDoS attacks on Blizzard Entertainment or for the May 2019 incident on Wikipedia.
Real-time gaming networks have been favorite DDoS targets of malicious actors. In August 2014, Sony’s PlayStation networks were taken offline as a result of a DDoS attack. The threat group called “Lizard Squad” claimed responsibility for the attack on Sony’s PlayStation networks.
KrebsOnSecurity reported that Lizard Squad controlled a botnet made up of hacked home routers and commercial routers at universities and companies around the globe. A botnet is a group of computers infected with the same malicious software (malware) and controlled by a threat actor or actors for the purpose of conducting malicious activities such as DDoS attacks. KrebsOnSecurity reported that the botnet controlled by the Lizard Squad group drew internet bandwidth from routers around the globe by exploiting the use of factory-default usernames and passwords.
The Mirai botnet, a much bigger botnet, which at its height controlled hundreds of thousands of IoT devices such as routers and CCTV cameras, brought down a big chunk of the internet for most of the U.S. east coast as a result of the DDoS attack on Dyn, an internet infrastructure company.
The recent Wikipedia DDoS attack, according to NetBlocks, is understood to have been amplified through insecure devices.
Prevention and Mitigation
In a DDoS attack, both the owners of computers or Internet of Things (IoT) devices and the owners of targeted online services play an important role. IoT devices such as routers, small as they are, are also computers. Owners of these devices, however, don’t view them like typical computers such as laptops, and many owners leave these devices vulnerable to attack by keeping the factory-default login details.
The threat of DDoS attack is real, as malicious actors have the technology to control not just IoT devices but ordinary computers as well. French authorities and antivirus solution provider Avast recently took down the botnet called “Retadup”, which controlled nearly a million computers worldwide. It isn’t yet known how the Retadup malware initially infected these nearly one million computers.
In an ideal world, owners of IoT devices and internet-facing desktop or laptop computers take responsibility for protecting these computers from being conscripted into a DDoS army by practicing basic cyber hygiene, such as changing factory-default usernames and passwords and applying the latest security updates.
DDoS protection is all the more important for organizations that rely on providing online services. While your organization may have no control over the cyber hygiene of other IoT device, desktop and laptop users, it can undertake cyber security measures to mitigate the effects of DDoS attacks.
Mitigating measures against DDoS attacks are broadly categorized into do-it-yourself (DIY) methods, on-premise mitigation appliances and off-premise cloud-based solutions. DIY methods, such as manual IP blacklisting, are often a reactive measure taken in response to a successful first DDoS attack that has already caused hours of downtime.
On-premise mitigation appliances refer to hardware appliances deployed inside a network and placed in front of protected servers. Compared to DIY methods, on-premise mitigation appliances have advanced traffic filtering capabilities such as geo-blocking, rate limiting, IP reputation and signature identification.
Off-premise cloud-based solutions, meanwhile, offer virtually limitless scalability and don’t require investment in security personnel or expenses for DIY solutions and on-premise hardware.
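The article contrasts manual IP blacklisting with the rate limiting that appliances and cloud services automate. The following is an added example, not code from the article or from any vendor it mentions: it replays constructed Apache-style access log lines through a per-client sliding-window rate limiter alongside a static blocklist, so you can see how a threshold turns a flood from one source into denied requests while ordinary clients pass. The IP addresses come from the RFC 5737 documentation ranges, the log format and the limits (10 requests per 5 seconds) are assumptions for the demo, and the limiter assumes each client's lines appear in time order, as they would in a real log.

```python
"""Per-client sliding-window rate limiting over web access logs.

Added example, not from the original article. Sample log lines are
constructed; addresses are RFC 5737 documentation addresses.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Assumed Apache-style access log line: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FORMAT)


class SlidingWindowLimiter:
    """Allow at most `max_requests` per client within any `window_seconds` span.

    Each client keeps a deque of recent request timestamps; entries older than
    the window are dropped before the count is checked. Assumes timestamps for
    a given client arrive in non-decreasing order.
    """

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = timedelta(seconds=window_seconds)
        self.events = defaultdict(deque)

    def allow(self, client, ts):
        q = self.events[client]
        while q and ts - q[0] >= self.window:
            q.popleft()  # expire timestamps outside the window
        if len(q) >= self.max_requests:
            return False  # over budget: deny without recording the request
        q.append(ts)
        return True


def evaluate_log(lines, blocklist=frozenset({"192.0.2.9"}), max_requests=10, window_seconds=5):
    """Classify each request as blocklisted, allowed, limited or unparsed.

    `blocklist` plays the role of the manual 'DIY' blacklist; the limiter is
    the automated control. Returns per-verdict counts and the clients that hit
    the limit, which is what an operator would feed into a block decision.
    """
    limiter = SlidingWindowLimiter(max_requests, window_seconds)
    verdicts = Counter(allowed=0, limited=0, blocklisted=0, unparsed=0)
    offenders = set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            verdicts["unparsed"] += 1
            continue
        ip, ts = parsed
        if ip in blocklist:
            verdicts["blocklisted"] += 1
        elif limiter.allow(ip, ts):
            verdicts["allowed"] += 1
        else:
            verdicts["limited"] += 1
            offenders.add(ip)
    return {"verdicts": dict(verdicts), "offenders": sorted(offenders)}


def build_sample_log():
    """Constructed log: one normal client, one flooding client, one blocklisted client."""
    stamp = "07/Sep/2019:18:00:%02d +0000"
    lines = []
    # Normal browsing: five requests, one per second.
    for i in range(5):
        lines.append(f'203.0.113.5 - - [{stamp % i}] "GET /wiki/Main_Page HTTP/1.1" 200 5120')
    # Flood: thirty requests squeezed into two seconds.
    for i in range(30):
        lines.append(f'198.51.100.7 - - [{stamp % (i // 15)}] "GET /wiki/Special:Random HTTP/1.1" 200 4096')
    # A client already on the static blocklist.
    for i in range(2):
        lines.append(f'192.0.2.9 - - [{stamp % (i + 3)}] "GET /wiki/Main_Page HTTP/1.1" 200 5120')
    lines.append("not a log line at all")  # exercises the unparsed path
    return lines


if __name__ == "__main__":
    result = evaluate_log(build_sample_log())
    print(result["verdicts"])   # {'allowed': 15, 'limited': 20, 'blocklisted': 2, 'unparsed': 1}
    print(result["offenders"])  # ['198.51.100.7']
```

The flooding client gets its first ten requests through and is then denied for the rest of the window, while the normal client is never touched; that is the difference between a reactive blacklist built after the outage and a limit that acts on the first burst. A real deployment would key on more than the source address (DDoS traffic is spread across many sources by design), which is why the article points to appliances and cloud services with reputation and signature data on top of simple rate limits.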
Steve E. Driz, I.S.P., ITCP