Cyberattack On UK Labour Party System – Experts Reactions

Just one month before the UK’s general election, Labour has revealed it has been hit by two large-scale cyberattacks on its digital platforms. Whilst the Labour Party states its IT systems have withstood the first attack with no detected data breaches, the distributed denial-of-service (DDoS) attack has left the website running at sub-optimal speed, with a second attack now plaguing its platform.


EXPERTS COMMENTS
Anthony Webb, EMEA Vice President, A10 Networks
November 19, 2019
Distributed denial of service (DDoS) attacks present one of the most dangerous forms of cyber threat for political parties and can cause serious reputational and financial damage. This is especially prominent during a General Election campaign when the party will be engaged in influencing voters, thus widening their cyber footprint. The UK Labour Party has suffered two DDoS attacks in quick succession, indicating that similar, future attacks are likely. While the political parties participating will be on-guard following this latest attack, they all must be prepared for even more sophisticated, multi-vector application layer attacks throughout the remainder of the election period, that could seriously undermine their campaign. An always-on DDoS protection system between the open web and servers is essential. Network security professionals need to embrace an extensible and adaptable position to detect both application and network attacks. The choice of defensive policy will be determined by the size of the enterprise and its resources. But as the number of high-profile campaign blackouts skyrockets, it’s worth reassessing expenditure and risk levels to combat these threats. Ultimately, key political parties that cannot ensure that their campaign communication channels are continuously available, risk severely damaging their election campaigns – and may appear untrustworthy in the eyes of constituents. The key is to be prepared: the question is not if but when an attack will come. As we’ve seen in the last three years, cyber-attacks are now commonplace when nationwide elections or referendums are taking place.
Andy Heather, VP,  Centrify
November 13, 2019
Outside interference in general elections from malicious parties and cyber criminals can jeopardise trust in the democratic process. Tackling this growing threat requires all political parties to take the risks posed by hackers extremely seriously, particularly when confidential voter data including contact details and home addresses are at risk in a breach. All too often we’re seeing online criminals gain access to databases using stolen log-in details and passwords bought on the dark web. With this behaviour on the rise, adopting a zero-trust approach is critical, ensuring every worker can verify that they are who they say they are to keep hackers at bay.
Tim Dunton, MD,  Nimbus Hosting
November 13, 2019
With the general election in full swing and all the main parties investing heavily in digital campaigns, it’s no surprise that malicious hackers are hoping to cause chaos and damage the democratic process. This incident is another reminder of why ensuring the highest standards of cyber security are in place to protect party websites and confidential voter data from theft. Additionally, it’s vital that all staffers are fully up to speed with the latest data protection rules and regulations and are aware of the risks posed from phishing and malware attacks.
Boris Cipot, Senior Sales Engineer, Synopsys
November 13, 2019
A DDoS (Distributed Denial of Service) attack attempts to disrupt a network service by bombarding it with requests. A DDoS attack could shut down a webpage, for instance, if too many computers request the webpage at once, thus causing the webserver to be unable to handle the magnitude of responses. Such an attack can be issued to a specific network service/resource or its surrounding infrastructure. To carry out a DDoS attack, the attacker utilizes zombie machines (i.e., machines infected with malware) connected to a so-called Command and Control server which can issue a command to them. The zombie machines then fulfill the command and attack the target. Zombie machines can include computers as well as IoT devices. It is a complex task to find the issuer of a DDoS attack. One would need to first find the computer from which the DDoS has been issued, see the malware that is responsible for the attack command and then investigate the criminal or group that issued it. It is however promising to see that a robust security strategy and a prepared cyberattack procedure have prevented further damage. This scenario illustrates that a mature security initiative and well-prepared incident response plan are crucial.
Sam Curry, Chief Security Officer, Cybereason
November 13, 2019
DDoS is done to deny service, disrupt business or to punch your opponent square in the mouth. Most DDoS attacks are not particularly sophisticated and can be readily handled with the right products and services. However, most organisations aren't prepared for high volume or application-level attacks to their networks. DDoS attacks are notoriously difficult to attribute to particular actors or players, such as rogue hackers, a disgruntled hacktivist group, or, the unlikeliest, a nation-state group. As we head into Brexit, the UK general election on December 12 and the 2020 US Presidential elections, this is a reminder that we should all become more resilient. Whether this is simply DDoS for hire for pennies for a gigabit is largely irrelevant. While it is early to speculate on this particular attack being a test of the network security capabilities of the Labour Party, based on previous misinformation campaigns targeting elections in the UK, U.S. and against other nations, expect additional threats to surface and the Labour Party to be tested time and time again in the future.
Eoin Keary, CEO and Cofounder,  Edgescan
November 13, 2019
Cheap computing power and cloud availability have resulted in a rise in such denial-of-service attacks. They are a less popular attack vector than ransomware but nevertheless can affect the availability of a website or service quite quickly. Many cloud providers offer DDoS protection services which are worth considering for transactional sites, which, if made unavailable, may result in revenue loss.
Robert Ramsden Board, VP EMEA, Securonix
November 13, 2019
Large-scale cyber-attacks against political organisations are a growing concern for political parties. As attackers become more sophisticated and persistent in their methods, governments and political organisations need to invest in robust security systems to avoid operational disruptions or data loss. The failure of the attack against the Labour Party headquarters should act as a reminder to political organisations of the enormous benefits of having cybersecurity protections in place. The attack against the Labour party is reported to have been a DDoS attack. These types of attacks can be difficult to deal with and while they don’t steal data, they can render a service unavailable and unusable. But, in some cases, DDoS attacks can be a distraction from an attacker’s attempt to steal data. Labour have stated that no data has been stolen in this attack, however, any organisations that are victims of a cyber-attack should do their due diligence and check all systems for malicious activity or data loss.
Dan Pitman, Principal Security Architect,  Alert Logic
November 13, 2019
There is no information on who the culprits might be right now, but a DDoS attack is not complex to arrange but takes resources to set up from scratch. It’s entirely plausible that someone without any hacking experience paid for the DDoS attack on the ‘dark web’ from what is known as a ‘booter’ – a paid-for service where a hacking group will lease out their existing botnet to perform the attack. The barriers to entry for a DDoS attacker have been significantly lowered, offering users the option to anonymously attack any target, for a nominal fee. Whilst attacks have been reported during previous general elections, for example government systems being compromised during the 2015 Election (with some politicians and security services later blaming Russia), a deliberately disruptive attack against a specific party is unusual. A DDoS attack is where an attacker uses a set of compromised systems to make a huge number of requests to a service to make it unavailable; the set of compromised systems is called a botnet. This botnet is effectively a large set of drones that are not necessarily connected to the attacker. Due to this, tracking down the actual culprit is difficult, unless they decide to boast about it or make themselves known within the hacking community. Considering the attack fundamentally failed to cause significant disruption, this seems unlikely.
Kieran Roberts, Head of Penetration Testing, Bulletproof
November 13, 2019
DDoS alone is not necessarily a sophisticated attack; it could literally be driven by a single individual with a botnet. The issue with DDoS is the pure volume of traffic which can also be used as a smokescreen, that's not to say that this is the case here though. At the moment we don’t have a lot of info, but certainly, interesting timing given the Government’s refusal to release their report into nation-state interference in the Brexit referendum and the last general election. In terms of how to catch the culprits, it's almost impossible, the whole point is that the attack is distributed, so working out who is controlling them all is very difficult.
Jake Moore, Cybersecurity Specialist,  ESET
November 13, 2019
In the run up to a general election, political parties become an even bigger target than usual. Attacks may not necessarily come from within the opposition, but more likely from someone trying to either raise awareness, or simply make noise. If this attack had been more successful, it could have had some rather embarrassing results, but it still stands as a warning to all political parties to raise their awareness and add even more robust multi-layered protection. It is likely that all of the political parties will continue to be targeted during the campaign period, but members of these organisations must remember to stay vigilant, and not be so quick to click. Staff should receive regular cybersecurity training at a time like this, as if an attack was to get through and start exposing or encrypting data, it could have serious consequences beyond just network damage.
Mike Fentonat, CEO & the Threat Detection and Response Specialist, Redscan
November 13, 2019
Politically motivated cyber-attacks are nothing new, but the fact that they are now more targeted and advanced than ever, presents a growing danger to democracy. The pressure is on the intelligence services to identify where this attack came from, which may be easier said than done. While details around the attack remain scant, it is difficult to speculate on who the perpetrators might be. Nation state attackers are particularly good at covering their tracks so any forensic investigation is unlikely to be straightforward. Kudos to the Labour party for detecting and responding to the attack early. Many organisations in the public and private sector still lack appropriate controls to protect data and systems against the latest threats.
Azeem Aleem, VP Security Consulting UK&I,  NTT
November 13, 2019
We have seen some evidence of targeted cyber-activity previously in the US elections and with our own General Election just one month away this attack serves as a wake-up call to UK political parties as to the length which cyber criminals are prepared to go to disrupt, not just for commercial and national security implications but in this case, for political gain too. The traditional security perimeter is melting and so the attack surface is increasing and it’s time to face up to the facts, no-one is safe from cyber-attacks which is why a holistic view of how we protect these systems is critical. It’s early days but it will certainly be interesting to see where this attack originated and whether its underlying aim was sabotage.
Anthony Chadd, Global SVP,  Neustar
November 13, 2019
With the Labour Party announcing today that it has successfully guarded against a DDoS attack on its digital platforms, new concerns have been raised about the security of sensitive government information as we rapidly approach the 2019 general election. While the attack originated from computers in Brazil and Russia, it was reportedly not state sponsored. And yet it serves as an important reminder to public sector leaders and security teams about the sheer importance of always-on cyber-defenses, especially in the current heightened political landscape. Increasingly, hackers are moving away from large-scale DDoS attacks, to smaller, hyper-targeted ones that fly under the radar of an organisation’s defences. Crucially, to detect and mitigate against DDoS attacks of all sizes, protection needs to span across a variety of areas, from the perimeter to websites and applications, underpinned by intelligence. As demonstrated by this Labour Party case, having a robust web security strategy and best practices in place from the beginning is vital, particularly as hackers become more sophisticated and constantly innovate to cause maximum pain for their victims. Because the cost of not doing so can not only have a significant financial and regulatory impact but also influence how citizens choose to vote.
Ryan Kalember, Executive Vice President of Cyber Security Strategy,  Proofpoint
November 13, 2019
The recent attempted attack on the UK Labour Party underscores a significant issue impacting nations worldwide. Whilst this latest attempt at disrupting the democratic process points to a DDoS attack, which was thankfully foiled, these types of attacks are often used as diversions whilst others are being carried out. As such, UK political parties need to be on high alert over the next month pending the UK General Election and be monitoring for cyber threats against the country’s democratic tools. Other threats we have seen deployed against the election process include targeted email attacks, designed to gain access and publicise sensitive party data during the critical final stages of a campaign, and influence the result. Additionally, we have seen threat actors spoof the identities of political parties to spread misinformation and mislead voters with ‘fake news’. The fake news phenomenon poses a serious threat to political parties and figures that need to protect their brands and reputations online, to safeguard election successes and long term public trust.
Stuart Reed, VP, Nominet
November 13, 2019
The news of a ‘large-scale cyber attack’ on the Labour Party’s digital platforms really comes as no surprise. Arguably, it was only a matter of time before the fierce competition on the campaign trail made its way into the online world. Whether this was an attack by another party or an outsider hasn’t been revealed, but it demonstrates that these elections, more than any other, will be fought both in the virtual and physical world. A cyber-attack in the political world has additional consequences, not least because it can sway public sentiment in a way that determines future governance. How the public views the attacked and the attacker will give them an impression of their digital competency and cyber maturity. While the Labour Party seems to have defended against this attack, it will be interesting to see if others can do the same. It will also tell us a lot about priorities and the type of cyber defence being used to achieve both holistic visibility and the ability to identify and eliminate threats early; an area where network detection and response can be critical. This is the first stone to be thrown in the cybersecurity space for this election but it won't be the last. As we've seen in examples across the world, the political environment is now inseparably intertwined with the cyber world and the consequences of any major attack could go down in history.
Corin Imai, Senior Security Advisor, DomainTools
November 13, 2019
This should be a significant concern to all voters in the UK regardless of their political viewpoints. During a General Election, it is imperative that the main political parties are all given a fair and impartial hearing, and considering the importance of digital campaigning in modern election cycles, a DDoS attack such as this could give other parties an advantage. While there is no indication of where this cyberattack comes from, and it is obviously encouraging that the Labour party said these attempts failed, the incident is an example of just how susceptible to cybercriminal activity our democratic process can be.
Ronan David, VP of Strategy and Business Development,  EfficientIP
November 13, 2019
The latest cyber attack on the British Labour Party was unsuccessful in extracting data this time round, but attacks on political bodies like these risk exposing extremely sensitive personal information or, at worst, potentially interfering with the UK’s politics at a sensitive time. The DDoS (Distributed Denial of Service) attack reportedly used botnets to amplify its effectiveness, allowing hackers to flood the political party’s digital platform and block legitimate users from accessing the website. While this mainly impacted on IT systems’ efficiency, DDoS attacks can be significantly disruptive, as shown recently by the city of Johannesburg and Amazon Web Services both being crippled by the same tactic. As such, detection and mitigation of sophisticated attacks requires continuous vigilance and purpose-built DNS security, otherwise critical functions of essential services could cease to function without warning.
