US Agencies Issue Guidance on Responding to DDoS Attacks

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released joint guidance for responding to distributed denial-of-service (DDoS) attacks.

A type of cyberattack targeting applications or websites, denial-of-service (DoS) attacks aim to exhaust the target system’s resources to render it inaccessible to legitimate users.

DDoS attacks may target server vulnerabilities to overload network resources or to consume these resources through the reflection of a high volume of network traffic to the target, or may attempt to overload connection (protocol) or application (compute or storage) resources of the target.

When the overloading traffic originates from more than one source operating in concert, the attack is considered DDoS. Botnets, which are networks of compromised devices – including computers, IoT devices, and servers – are the most common source of DDoS attacks.

DDoS attacks that produce high volumes of traffic are difficult to respond to and recover from, CISA, the FBI, and MS-ISAC note in their advisory. Such attacks may lead to degradation of service, loss of productivity, extensive remediation costs, and reputational damage.

“Organizations should include steps to address these potential effects in their incident response and continuity of operations playbooks,” the three agencies say.

DDoS attacks, the advisory notes, typically do not impact the confidentiality and integrity of systems and data, but such attacks may be used to divert attention from other types of assaults, including malware deployment and data exfiltration.

“In a progressively interconnected world with additional post-pandemic remote connectivity requirements, maintaining the availability of business-essential external-facing resources can be challenging for even the most mature IT and incident response teams. It is impossible to completely avoid becoming a target of a DDoS attack,” the three agencies point out.

To mitigate the risk of a DDoS attack, organizations should be aware of all internet-facing assets and of the vulnerabilities potentially impacting them, identify how users connect to the corporate network, enroll in a DDoS protection service, ensure they understand existing defenses, and implement a DDoS response plan, the three agencies say.

The joint guidance – which applies to federal agencies and private organizations alike – provides additional recommendations on how organizations can prepare for DDoS attacks and details the steps they should take when responding to an ongoing assault.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
