The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released joint guidance for responding to distributed denial-of-service (DDoS) attacks.
A type of cyberattack targeting applications or websites, denial-of-service (DoS) attacks aim to exhaust the target system’s resources to render it inaccessible to legitimate users.
DDoS attacks may target server vulnerabilities to overload network resources or to consume these resources through the reflection of a high volume of network traffic to the target, or may attempt to overload connection (protocol) or application (compute or storage) resources of the target.
When the overloading traffic originates from more than one source operating in concert, the attack is considered DDoS. Botnets, which are networks of compromised devices – including computers, IoT devices, and servers – are the most common source of DDoS attacks.
DDoS attacks that produce high volumes of traffic are difficult to respond to and recover from, CISA, the FBI, and MS-ISAC note in their advisory. Such attacks may lead to degradation of service, loss of productivity, extensive remediation costs, and reputational damage.
“Organizations should include steps to address these potential effects in their incident response and continuity of operations playbooks,” the three agencies say.
DDoS attacks, the advisory notes, typically do not impact the confidentiality and integrity of systems and data, but such attacks may be used to divert attention from other types of assaults, including malware deployment and data exfiltration.
“In a progressively interconnected world with additional post-pandemic remote connectivity requirements, maintaining the availability of business-essential external-facing resources can be challenging for even the most mature IT and incident response teams. It is impossible to completely avoid becoming a target of a DDoS attack,” the three agencies point out.
To mitigate the risk of a DDoS attack, organizations should be aware of all internet-facing assets and of the vulnerabilities potentially impacting them, identify how users connect to the corporate network, enroll in a DDoS protection service, ensure they understand existing defenses, and implement a DDoS response plan, the three agencies say.
The joint guidance – which applies to federal agencies and private organizations alike – provides additional recommendations on how organizations can prepare for DDoS attacks and details the steps they should take when responding to an ongoing assault.