Alabama websites recovering from DDoS cyberattack

Some Alabama state government websites were flooded with junk data in an attempt to knock them offline in a distributed denial-of-service cyberattack, the Associated Press reported Wednesday. 

The attack began Tuesday afternoon, Gov. Kay Ivey’s office told the AP, however “there was no breach, and the state’s computers and information have not been accessed.”

“We understand that the disruptions were initially widespread across state services, and those effects have diminished throughout the day as we have worked with our vendors to counter the denial-of-service attack,” Alabama’s Office of Information Technology spokesperson Jeremy Ward told CNN.

The state’s OIT is working to mitigate the attack, and some sites might be temporarily slow as the work continues, the AP reported.

The attack comes several years after Gov. Kay Ivey in 2018 announced the opening of Alabama’s first cybersecurity operations center, which is designed to prevent and respond to cyberattacks. The center was designed to provide a single location to manage the cybersecurity of the state’s 146 agencies and minimize system downtime.

“Most of the time when you have a big incident, people think it just came in in the middle of the night, but really people have been in your network, watching and learning how you do things and use that against you to be more effective,” Ryan Allen, Alabama’s chief information security officer, said after the center’s opening.

DDoS attacks are one of the most common types of cyberattacks to affect state governments. The websites operated by the Pennsylvania state courts were knocked offline last month after a distributed denial-of-service attack on a weekend.