12 / 11 / 24

Russian cyberattacks target UK councils and police websites in major DDoS assault 

It’s been confirmed that the Distributed Denial-of-Service (DDoS) cyberattacks that took place on Monday 4th November were intentionally targeted at UK Council and Policing websites. 

Initially, seven local councils were thought to be affected, including Hemel Hempstead, St Albans, Salford, Bury, Trafford, Tameside and Dudley. It was later revealed that Portsmouth City Council was also impacted, as was Middlesbrough Council, which suffered two attacks in one week.

Russian military confirmed as responsible 

According to the National Cyber Security Centre (NCSC), following these attacks, the UK and its international allies have exposed Russia’s military intelligence service, GRU Unit 29155, as being responsible.

The Unit’s campaign of malicious cyber activity, which has been targeting government and critical infrastructure organisations around the world, has been in effect since at least 2020.

Also known as the 161st Specialist Training Centre, GRU Unit 29155 has committed a range of harmful activities such as targeting organisations to gather intelligence, stealing and leaking sensitive information to damage reputations, defacing websites, and deliberately destroying data to disrupt systems.

Most recently, its cyber assault has targeted efforts to provide support to Ukraine, including deploying the WhisperGate malware against multiple victims across Ukraine prior to Russia’s invasion in 2022.

Paul Chichester, NCSC Director of Operations, said: “The exposure of GRU Unit 29155 as a capable cyber actor illustrates the importance that Russian military intelligence places on using cyberspace to pursue its illegal war in Ukraine and other state priorities.”

What is a DDoS attack?

A Distributed Denial-of-Service (DDoS) attack is a type of cybercrime. It involves inundating a server with innumerable requests from multiple sources that the server believes to be genuine. 

This has the effect of overwhelming the server, compromising its infrastructure and preventing legitimate users from accessing the target’s online services.

DDoS attacks are a complex, sophisticated form of Denial-of-Service (DoS) attack. Unlike a regular DoS attack, which comes from a single source, a Distributed attack uses a network of connected devices to flood the targeted server with requests from multiple points. 

A DDoS enables the perpetrators to inflict a much wider scale attack on the target, making it far more effective in its disruption and much harder to stop.  

What is the impact of a DDoS attack? 

The impact of a DDoS attack depends on the security surrounding the target’s server; the length and size of the attack; and the speed and effectiveness of the organisation's response.

DDoS attacks present several immediate threats and potential long-term problems for those being targeted, including exceptionally slow network speeds that stop web pages loading; loss of connectivity across network devices; and an influx of spam email. 

All this additional activity is intended to jam the server and prevent an organisation’s normal online services from operating effectively. 

The knock-on effects of a DDoS attack are a drop in traffic from legitimate users, lack of public trust, loss of business, and damage to the organisation’s reputation. These long-term ramifications are often far-reaching and much more challenging to overcome than the initial attack. 

What can be done to prevent DDoS attacks?

The best kind of defence against DDoS attacks is taking a multi-layered approach to your cyber security. By building multiple layers of protection around your website, you ensure that if one is breached, there are others that will prevent hackers getting through to your online services.  

At Formation, we champion this approach to great effect: to date, we have a 100% secure record; we have never experienced a breach of security on any of the websites we have built and now host on our servers. 

We use a number of tools to help protect our clients and their online services against cyberattacks:

  • Cloudflare – this cloud-based network acts as a filter for web requests, preventing attackers from reaching the original IP address of the sites we host on Formation's servers. Instead, hackers will only ever be able to target the reverse proxy, such as Cloudflare’s CDN, which has tighter security and more resources to fend off a cyberattack.
  • Vercel – this front-end platform for building headless sites has its own DDoS mitigation, and monitors traffic to automatically detect attacks. There is also an 'attack challenge mode', which requires the user’s browser to solve a challenge before proceeding and automatically blocks bot requests.
  • Security plugins – we leverage WordPress security plugins such as Wordfence to help block bad actors and enforce rate limiting, which prevents an excessive number of requests coming from a single IP within a certain timeframe, stopping DDoS attacks in their tracks. 
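
The per-IP rate limiting described above interacts with the reverse proxy in front of the site, because the origin server then sees the proxy's address rather than the visitor's. The sketch below is an added example, not code from Formation, Cloudflare or Wordfence. It counts requests per client in a sliding window and only believes the forwarded-client header (`CF-Connecting-IP`, shown lower-cased as Node presents header names) when the connection comes from a trusted proxy. The proxy addresses, limit and window are constructed placeholder values.

```javascript
// Added example: per-IP sliding-window rate limiting behind a reverse proxy.
// TRUSTED_PROXIES holds constructed placeholder addresses, not a real list.
const TRUSTED_PROXIES = new Set(['192.0.2.10', '192.0.2.11']);
const LIMIT = 5;            // hypothetical: max requests per client per window
const WINDOW_MS = 10_000;   // hypothetical: window length in milliseconds

// Decide which address to count against. The forwarded header is only
// believed when the TCP peer is one of our proxies; otherwise anyone could
// send the header and appear as a new client on every request.
function clientIp(peerAddr, headers) {
  const forwarded = headers['cf-connecting-ip'];
  if (TRUSTED_PROXIES.has(peerAddr) && forwarded) return forwarded.trim();
  return peerAddr;
}

class SlidingWindowLimiter {
  constructor(limit = LIMIT, windowMs = WINDOW_MS) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.hits = new Map(); // ip -> array of request timestamps (ms)
  }

  // Returns true if the request is allowed, false if it should get HTTP 429.
  allow(ip, now = Date.now()) {
    const cutoff = now - this.windowMs;
    const recent = (this.hits.get(ip) || []).filter((t) => t > cutoff);
    const allowed = recent.length < this.limit;
    if (allowed) recent.push(now);
    this.hits.set(ip, recent);
    return allowed;
  }

  // Drop idle clients so the map cannot grow without bound during a flood.
  prune(now = Date.now()) {
    const cutoff = now - this.windowMs;
    for (const [ip, times] of this.hits) {
      if (times.every((t) => t <= cutoff)) this.hits.delete(ip);
    }
  }
}

// Constructed traffic: `count` requests, 100 ms apart, through clientIp().
function simulate(limiter, peerAddr, headers, count, startMs = 0) {
  let allowed = 0;
  for (let i = 0; i < count; i++) {
    if (limiter.allow(clientIp(peerAddr, headers), startMs + i * 100)) allowed++;
  }
  return allowed;
}
```

A per-IP limit throttles each source individually, so a flood spread across many addresses still depends on the upstream filtering in the first two items of the list.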

Headless: a better way to build a more secure website

One of the key factors that makes Formation's website builds so robust in the face of cyberattacks is our headless CMS approach, which separates code for the front end of the site where content is displayed from the code for the back end, where content is safely stored. This architecture helps mitigate attacks just by the nature of the system.

With traditional monolithic websites, such as WordPress, the content is integral to the display, meaning there is no separation, and the website and server are more easily infiltrated. Monolithic sites also rely heavily on plugins, which pose a further security threat as hackers often use these as an entry point to breach the website.

This video demonstrates the enhanced security features of using a Headless CMS like Craft, and why Formation chooses this approach for our high-security website builds.

A cyber secure partnership 

Formation’s impeccable approach to cyber security means we're trusted by some of the UK’s most high-profile, secure organisations to create their websites and digital applications. 

Our extensive work for the public sector includes building websites for the Police Crime Commissioners (PCC) for West Midlands, West Mercia, and Warwickshire, and the Police Fire & Crime Commissioners (PFCC) for Essex and Cumbria.

Our attention to detail and expert knowledge of secure and accessible practices ensures these organisations’ online platforms are both safe from cyberattacks and easily usable by all members of the public.  

Formation’s ICV app: secure digital reporting for custody visitors

The Independent Custody Visitor (ICV) App, created, developed, and produced by Formation for the OPCC, improves process and efficiency for ICVs filing reports of custody visits.

The app makes the whole process secure and paperless, enabling ICVs to complete the necessary information on behalf of inmates and submit their reports to the OPCC easily and seamlessly without the risk of misplacing valuable documents or compromising inmate confidentiality or security. 

All information is stored securely within the app and is filed digitally by ICVs with the OPCC. These digital reports are then reviewed and cases tracked, ensuring any issues raised are followed up on and resolved promptly. 

This digitised system also allows the OPCC to locate reports and information relating to specific cases quickly and easily, ensuring nothing is ever lost or left incomplete. It also supports data analysis enabling PCCs and the OPCC to spot relevant trends. 

Written by Formation