Irish Lottery Taken Out by DDoS Ahead of Jackpot Draw

Irish Lottery Taken Out by DDoS Ahead of Jackpot Draw

The Irish National Lottery was thrown into disarray last week after a Distributed Denial of Service (DDoS) attack took servers offline ahead of a major jackpot draw.

The website and ticket machines were taken out of action for about two hours, making it impossible for customers to buy tickets for the €12 million (£9m) prize.

National Lottery operator Premier Lotteries Ireland has said it is investigating what happened, although a spokeswoman told the BBC that no “gaming system or player data” was affected.

Mark Chaplain, VP EMEA for network security firm Ixia, argued that the advent of “DDoS-as-a-service” has made it easy for cyber-criminals to disrupt even large sites usually equipped to deal with high traffic volumes.

“Organizations can mitigate the impact of these attacks by reducing their attack surface – blocking web traffic from the large numbers of IP addresses that are known to be bot-infected, or are known sources of malware and DoS attacks,” he added.

“Using an appliance specifically for line-speed IP address filtering can deliver this protection by simply eliminating the malicious traffic, helping to keep resources running.”

Meanwhile, Igal Zeifman, senior digital strategist at Imperva, said it’s common for DDoS attackers to strike during predictable peak traffic times such as prior to major jackpots like this one.

“Such attacks maximize the damage potential of the assault by applying additional pressure on the already-strained organizations and network infrastructures,” he added.

Paul Heywood, EMEA managing director at internet performance company Dyn, argued that firms need to be better prepared and aware of the risks.

“By using tools and installing technology that allows businesses to know and understand its network’s normal behavior, IT teams can be made aware of any abnormal incidents such as DDoS attacks, enabling them to make any necessary remedial actions quickly,” he said.

“Some tools in the market can even preemptively understand when a DDoS attack may be about to occur using modelling from past DDoS attacks and alerting companies that an attack may be near.”

It is reported that several Irish government sites were subsequently hit in similar looking DDoS attacks on Friday.

Source: Information Security Magazine