The risks posed to businesses of all sizes by distributed denial of service (DDoS) attacks have been highlighted after the BBC fell victim to a large-scale attack that saw almost all of its web presence knocked offline for several hours last week.
Beginning at around 0700 GMT on December 31st, visitors to the corporation's websites - including its news pages and iPlayer service - were greeted with a 500 error, indicating the company's servers were unable to meet user requests.
While initially blamed on a technical issue, the outage was later claimed to have been the result of a DDoS attack, which saw the corporation's servers flooded with huge amounts of bot traffic that prevented legitimate users from getting through. It was several hours before the attack subsided and traffic levels returned to normal.
A US-based group calling itself New World Hacking later claimed responsibility for the attack, stating that the incident was merely a test of its capabilities and that its true target will be websites affiliated with the Isis terrorist group.
In a series of tweets to the BBC's technology correspondent Rory Cellan-Jones, the group said: "The reason we really targeted [the] BBC is because we wanted to see our actual server power.
"We realise sometimes what we do is not always the right choice, but without cyber hackers... who is there to fight off online terrorists?"
The fact that a relatively straightforward attack could leave one of the world's largest media companies offline for hours should be a warning to any organisation that does not believe it is at risk from DDoS tactics.
Such incidents are simple to organise and can leave companies offline for hours or even days, something that's particularly damaging if they are heavily dependent on the internet for their revenue.
There can be a number of reasons why a firm may be targeted by a DDoS attack. Criminals may wish to make a political point, create a distraction while they attempt to infiltrate another part of the network, or simply cause chaos.
In some cases, the consequences can be more wide-ranging than simply losing web presence. For instance, video game distributor Valve recently apologised after the personal details of some 34,000 users were exposed in the wake of a DDoS attack on its Steam service over the festive period.
The company explained the attack caused a caching error which enabled some users to view private information of others. It stated: "In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimise the impact on Steam Store servers and continue to route legitimate user traffic."
However, an error in the configuration of these caching rules resulted in some users receiving results intended for other users, which included billing addresses, the last four digits of their Steam Guard phone number, purchase histories, the last two digits of their credit card number, and email addresses.
Elsewhere, recent research from Kaspersky Lab has also highlighted the growing threat posed by DDoS attacks, as well as some of the motivations behind them. The company found nearly half of DDoS victims (48 per cent) believe they know the identities of the perpetrators, with one in eight pointing the finger at competitors looking to disrupt their activities.
Evgeny Vigovsky, head of DDoS Protection at Kaspersky, said: "DDoS attacks are no longer just about cyber criminals seeking to halt a company's operations. Businesses are becoming suspicious of each other and there is a real concern that many companies – including small and medium-sized ones – are being affected by the underhand tactics of their competitors."