The European Commission has been hit by a major distributed denial of service (DDoS) attack, a spokesperson for the organisation has confirmed.
The cyber-attack reportedly left staff unable to work after they lost internet access for a number of hours. The strike, which began on Thursday afternoon, did not result in any data being lost, according to the commission, which is the legislative arm of the EU.
It was not immediately clear who was behind the cyber assault, which flooded the commission’s website with millions of data requests every second. IT staff fending off the strike were on Thursday evening prepared for further attacks, which often come in waves.
Access to commission email accounts and the main EU website were knocked out in the assault, which coincided with an EU-Ukraine summit in Brussels. DDoS attacks involve hackers overwhelming a target’s servers by flooding its website with data requests. Security analysts have suggested that a number of recent similar attacks may have been carried out by state-sponsored hackers.
Once the attack had been averted, commission staff were sent an email that read: “This afternoon, the European Commission was subject to a cyber-attack (denial of services) which resulted in the saturation of our internet connection.
“This has had a negative impact on the external access to the Europa site and on the internet access for staff. We are currently taking mitigating measures to restore normal services.”
A spokesperson confirmed the attack in a statement: “The Commission was the target of a large-scale denial of service attack.
“The attack has successfully been stopped with no interruption of service, although connections speeds have been affected for a time.”
The strike occurred just days after Russian online security firm Kaspersky Lab revealed that many internet security workers are confident that DDoS attacks are often used as a “smokescreen” to distract their victims while hackers attempt separate cyber assaults on other targets.
The 2016 Kaspersky Lab Corporate IT Security Risks survey found that more than half of security researchers polled “believed that the DDoS attacks their companies had experienced were a smokescreen or decoy for other criminal activities”.
“DDoS prevents a company from carrying on its normal activities by putting either public or internal services on hold,” said Kirill Ilganaev, head of DDoS protection at Kaspersky Lab.
“This is obviously a real problem to businesses and it is often ‘all hands on deck’ in the IT team, to try and fix the problem quickly, so the business can carry on as before. DDoS can therefore be used not only as an easy way to stop the activity of a company, but also as a decoy to distract IT staff from another intrusion taking place through other channels.”