CISA and FBI warn about DDoS attacks

March 22nd – The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC) have jointly released an advisory to provide government groups with guidance around defending against Distributed Denial of Service (DDoS) attacks.

These attacks aim to disrupt ordinary web traffic by overwhelming target systems with massive volumes of malicious traffic.

Nation-state threats

DDoS attacks are in vogue among Russian-backed hacktivist groups and nation-state actors. Unlike conventional denial of service (DoS) attacks, which use a single traffic source, DDoS attacks leverage multiple compromised systems (botnets) to generate higher attack volumes, which are then able to exhaust target resources.

CISA FBI advisory

The advisory discusses common DDoS techniques, such as volume-based, protocol-based and application layer-based attacks. While volume-based attacks overload targets with high request volumes, protocol attacks exploit weaknesses in network protocol implementations. Application layer attacks target vulnerabilities in specific services running on victims’ systems.

A newly observed loop DoS attack that exploits UDP protocol weaknesses highlights an emerging protocol-based attack vector with potential for massive malicious traffic generation. This technique could be considered an application layer attack due to its application communication protocol dependencies.

French government

Recent DDoS attacks have disrupted French government services. The attacks were attributed to the Russian-aligned Anonymous Sudan hacktivist group. Defensive recommendations include continuous risk assessment, network monitoring, traffic baselining, bandwidth capacity planning, load balancing, deploying DDoS mitigation services, CAPTCHAs and configured firewalls.

This advisory follows earlier warnings regarding the Volt Typhoon threat group, which is believed to be maintaining persistence on critical U.S. systems by exploiting vulnerabilities like Fortinet’s remote execution flaw.
