US Agencies Issue Guidance on Responding to DDoS Attacks

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released joint guidance for responding to distributed denial-of-service (DDoS) attacks.

A type of cyberattack targeting applications or websites, denial-of-service (DoS) attacks aim to exhaust the target system’s resources to render it inaccessible to legitimate users.

DDoS attacks may target server vulnerabilities to overload network resources or to consume these resources through the reflection of a high volume of network traffic to the target, or may attempt to overload connection (protocol) or application (compute or storage) resources of the target.

When the overloading traffic originates from more than one source operating in concert, the attack is considered DDoS. Botnets, which are networks of compromised devices – including computers, IoT devices, and servers – are the most common source of DDoS attacks.

DDoS attacks that produce high volumes of traffic are difficult to respond to and recover from, CISA, the FBI, and MS-ISAC note in their advisory. Such attacks may lead to degradation of service, loss of productivity, extensive remediation costs, and reputational damage.

“Organizations should include steps to address these potential effects in their incident response and continuity of operations playbooks,” the three agencies say.

DDoS attacks, the advisory notes, typically do not impact the confidentiality and integrity of systems and data, but such attacks may be used to divert attention from other types of assaults, including malware deployment and data exfiltration.

“In a progressively interconnected world with additional post-pandemic remote connectivity requirements, maintaining the availability of business-essential external-facing resources can be challenging for even the most mature IT and incident response teams. It is impossible to completely avoid becoming a target of a DDoS attack,” the three agencies point out.

To mitigate the risk of a DDoS attack, organizations should be aware of all internet-facing assets and of the vulnerabilities potentially impacting them, identify how users connect to the corporate network, enroll in a DDoS protection service, ensure they understand existing defenses, and implement a DDoS response plan, the three agencies say.

The joint guidance – which applies to federal agencies and private organizations alike – provides additional recommendations on how organizations can prepare for DDoS attacks and details the steps they should take when responding to an ongoing assault.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
