Attackers targeted an array of servers with a flurry of distributed denial of service (DDoS) attacks over the weekend, crippling online encyclopedia Wikipedia, as well as popular online role-playing game World of Warcraft Classic.
DDoS attacks are bent on taking websites offline by overwhelming domains or specific application infrastructures with massive traffic flows. Troy Mursch with Bad Packets Report confirmed to Threatpost that the DDoS attacks targeting the gaming servers and Wikipedia over the weekend are related.
According to third-party service Down Detector, Wikipedia was first impacted on Friday evening for millions of users, who reported issues in Europe, the U.S. and parts of the Middle East. In a press release, the Wikimedia Foundation – the non-profit owner of the Wikipedia domain – blamed the takedown, which continued on until Monday morning, on an attack of its servers by “bad actors.”
“Today, Wikipedia was hit with a malicious attack that has taken it offline in several countries for intermittent periods,” according Wikimedia’s Saturday statement. “The attack is ongoing and our Site Reliability Engineering team is working hard to stop it and restore access to the site.”
Wikipedia has been experiencing intermittent outages today as a result of a malicious attack. We’re continuing to work on restoring access. #wikipediadown
— Wikipedia (@Wikipedia) September 7, 2019
While there has been no follow-up post from Wikimedia on the status of the impacted Wikipedia projects hosted by the affected servers, it appears that as of Monday morning the website was back up and running, with some help from web infrastructure security company Cloudflare.
“We condemn these sorts of attacks,” according to Wikimedia. “They’re not just about taking Wikipedia offline. Takedown attacks threaten everyone’s fundamental rights to freely access and share information. We in the Wikimedia movement and Foundation are committed to protecting these rights for everyone.”
Also this weekend, DDoS attack hit servers hosted by Blizzard Entertainment, an American video game developer that makes the World of Warcraft games. World of Warcraft Classic for American and European gamers appeared to be specifically impacted starting on Saturday, according to a tweet by Blizzard that acknowledged the incident.
“We are currently monitoring a DDoS attack against network providers which is affecting latency/connections to our games,” the company said in a tweet on Sunday. According to the company, the attack impacted “some online services.”
Some online services continue to be impacted by a series of DDoS attacks which are resulting in high latency and disconnections. These disruption effects have been felt by a portion of our players, impacting their gaming experience. Thank you again for your continued patience.
— Blizzard CS – The Americas (@BlizzardCS) September 7, 2019
The attack is reminiscent of a DDoS attack in 2017 of Blizzard Entertainment that created chronic latency and connection issues for players of games Overwatch, World of Warcraft and others.
“It’s surprising [Blizzard Entertainment] haven’t employed proper DDoS mitigation tactics to handle these situations,” Mursch told Threatpost. “Solutions exist at the hardware level… that could minimize the impact of large-scale DDoS attacks against gaming servers. In Wikipedia’s case, they began using Cloudflare’s services after the attack to prevent further downtime.”
Meanwhile on Saturday, operators behind a Twitter account called “UkDrillas” claimed they were behind the Wikipedia and Blizzard DDoS attacks. However, there is no confirmation that the operators of this Twitter account are the culprits. The Twitter account has since been suspended.
A new skids band is in town. @UKDrillas claimed they are behind the DDOS attack of Wikipedia.
You’ll never learn… Bragging on Twitter (or elsewhere) is the best way to get caught. I hope you run fast. pic.twitter.com/f97aj6ttwZ
— Elliot Alderson (@fs0c131y) September 6, 2019
DDoS attacks continue to be a cause of concern for companies. A 2019 Kaspersky report showed that while the sheer number of DDoS attacks are down for the fourth quarter of 2018, the length of time those attacks last have reached record lengths.
In an alert on Saturday meanwhile, the UK National Cyber Security Centre warned of the Wikipedia DDoS attacks and published guidance for protecting against DDoS attacks: ” When a website suffers a DoS attack, it will appear to users that the site has simply stopped displaying content,” it said. “However, for businesses it could mean that the online systems they depend upon have ceased to respond.”
According to that organization, mitigations include: Understanding the points in company services where resources can be overloaded; ensuring that company service providers are ready to deal with DDoS attacks; ensuring that company services can scale to deal with surges in concurrent sessions; and creating an effective response, testing and monitoring plan for dealing with DDoS attacks.