
SecurityWeek

Incident Response

US Agencies Issue Guidance on Responding to DDoS Attacks

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released joint guidance for responding to distributed denial-of-service (DDoS) attacks.


Denial-of-service (DoS) attacks are a type of cyberattack that targets applications or websites, aiming to exhaust the target system’s resources so that it becomes inaccessible to legitimate users.

DDoS attacks may exploit server vulnerabilities to overload network resources, consume those resources by reflecting a high volume of network traffic at the target, or attempt to overload the target’s connection (protocol) or application (compute or storage) resources.

When the overloading traffic originates from more than one source operating in concert, the attack is considered DDoS. Botnets, which are networks of compromised devices – including computers, IoT devices, and servers – are the most common source of DDoS attacks.
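The single-source versus multi-source distinction drawn above is the kind of signal a responder looks for in server logs. The following Python script is an added illustration, not code from the advisory or from SecurityWeek: it builds constructed access-log lines, buckets them into fixed time windows, and labels each window as normal, single-source DoS, or distributed DDoS. The log format, the window size and every threshold are assumptions chosen for the illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample traffic (not real logs). Each line is shaped like
# "<client-ip> <ISO-8601 time> <path> <status>" and covers three 10-second windows:
#   window 0: a handful of legitimate requests from three clients
#   window 1: one client hammering /login (single-source DoS pattern)
#   window 2: thirty clients each sending a few requests (distributed pattern)
def build_sample_log():
    t0 = datetime(2023, 1, 30, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(6):                      # window 0: normal traffic
        lines.append(f"192.0.2.{i % 3 + 1} {(t0 + timedelta(seconds=i)).isoformat()} /index.html 200")
    for _ in range(60):                     # window 1: one noisy source
        lines.append(f"198.51.100.7 {(t0 + timedelta(seconds=10)).isoformat()} /login 503")
    for i in range(90):                     # window 2: many sources, low rate each
        lines.append(f"203.0.113.{i % 30 + 1} {(t0 + timedelta(seconds=20 + i % 10)).isoformat()} /search 503")
    return lines

def parse_line(line):
    ip, ts, path, status = line.split()
    return ip, datetime.fromisoformat(ts), path, int(status)

def bucket_by_window(lines, window_s=10):
    """Group source IPs by fixed time window (window index -> list of IPs)."""
    buckets = defaultdict(list)
    for line in lines:
        ip, ts, _path, _status = parse_line(line)
        buckets[int(ts.timestamp()) // window_s].append(ip)
    return buckets

def classify_window(ips, total_thresh=50, per_source_thresh=20, min_sources=10):
    """Label one window. Thresholds are illustrative; tune them to baseline traffic."""
    total = len(ips)
    if total < total_thresh:
        return "normal"
    counts = Counter(ips)
    _top_ip, top_n = counts.most_common(1)[0]
    if top_n >= per_source_thresh:
        return "dos"        # one source dominates the window
    if len(counts) >= min_sources:
        return "ddos"       # many sources in concert, each below the per-source threshold
    return "elevated"       # high volume but neither pattern is clear-cut

def classify_log(lines, window_s=10):
    """Return {window_index: label} in time order."""
    buckets = bucket_by_window(lines, window_s)
    return {w: classify_window(ips) for w, ips in sorted(buckets.items())}

if __name__ == "__main__":
    for window, label in classify_log(build_sample_log()).items():
        print(window, label)
```

Real deployments would baseline the thresholds from normal traffic and feed the labels to the DDoS protection service or response playbook rather than to stdout.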

DDoS attacks that produce high volumes of traffic are difficult to respond to and recover from, CISA, the FBI, and MS-ISAC note in their advisory. Such attacks may lead to degradation of service, loss of productivity, extensive remediation costs, and reputational damage.

“Organizations should include steps to address these potential effects in their incident response and continuity of operations playbooks,” the three agencies say.

DDoS attacks, the advisory notes, typically do not impact the confidentiality and integrity of systems and data, but such attacks may be used to divert attention from other types of assaults, including malware deployment and data exfiltration.

“In a progressively interconnected world with additional post-pandemic remote connectivity requirements, maintaining the availability of business-essential external-facing resources can be challenging for even the most mature IT and incident response teams. It is impossible to completely avoid becoming a target of a DDoS attack,” the three agencies point out.

To mitigate the risk of a DDoS attack, organizations should be aware of all internet-facing assets and of the vulnerabilities potentially impacting them, identify how users connect to the corporate network, enroll in a DDoS protection service, ensure they understand existing defenses, and implement a DDoS response plan, the three agencies say.

The joint guidance – which applies to federal agencies and private organizations alike – provides additional recommendations on how organizations can prepare for DDoS attacks and details the steps they should take when responding to an ongoing assault.

Related: CISA Issues Guidance on Transitioning to TLP 2.0

Related: US Agencies Publish Security Guidance on Implementing Open RAN Architecture

Related: NSA Publishes Best Practices for Improving Network Defenses

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

