On Saturday, a DDoS attack knocked offline the UK National Lottery impeding Britons to buy the tickets on the www.national-lottery.co.uk website or through its associated app.
According to DownDetector reports, thousands of angry gamblers were unable to participate the Lottery.
The National Lottery apologized to customers unable to use its online services.
We're very sorry that many players are currently unable to access The National Lottery website or app. Our 46,000 retailers are unaffected.
— The National Lottery (@TNLUK) September 30, 2017
The National Lottery confirmed that the outage was caused by a major distributed denial-of-service (DDoS) attack, it hasn’t provided further details about the incident.
It is still unclear who is behind the attack and if the attackers attempted to blackmail the National Lottery.
Experts speculate that the DDoS attack was launched by the hacker group “Phantom Squad” that sent threatening emails earlier this month, warning of DDoS attacks on Saturday 30 2017 unless a ransom was paid.
Phantom Squad launched several cyber attacks against many firms in the gaming industry. In 2015 the hackers targeted the Electronic Arts and Steam, in 2016 the group and PoodleCorp hit Steam and Origin Servers.
The gaming industry is particularly exposed to DDoS attacks that could cause serious damage, and crooks are aware of such kind of exposure.
“DDoS attackers are only too aware that the online gaming and gambling industry are particularly reliant on their websites remaining accessible, and have no qualms about harnessing botnets to launch denial-of-service attacks to bring services to their knees.” reads a blog post published by ESET.
The incident demonstrates that the UK National Lottery, even if is considered a privileged target of hackers, hasn’t adequate countermeasures to mitigate the threat.
(Security Affairs – UK National Lottery, DDoS attack)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.