SecureWorld News

U.S. Agencies Release Guidelines for DDoS Attacks

Written by Drew Todd | Tue | Nov 1, 2022 | 3:58 PM Z

Distributed denial-of-service (DDoS) attacks aim to overwhelm a target's application or website, exhausting the system's resources and making the target inaccessible to legitimate users.

While DDoS attacks are relatively simple to execute, they are frequently used by threat actors and can be a real thorn in the side of an organization. Which is why some U.S. government agencies have come together to provide some guidelines in protecting against these attacks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released a joint guide to provide organizations with steps to take before, during, and after experiencing a DDoS attack.

The advisory discusses:

"The more traffic a DDoS attack produces, the more difficulty an organization will have responding and recovering from the attack. The increase in traffic also increases the difficulty of attribution because it makes the true source of the attack harder to identify. Although the impact of DDoS attacks may often be negligible—depending on the scale of the attack—it could be severe and include loss or degradation of critical services, loss of productivity, extensive remediation costs, and acute reputational damage. Organizations should include steps to address these potential effects in their incident response and continuity of operations playbooks.

Although a DDoS attack is unlikely to impact the confidentiality or integrity of a system and associated data, it does affect availability by interfering with the legitimate use of that system. Because a cyber threat actor may use a DDoS attack to divert attention away from more malicious acts they are carrying out—e.g., malware insertion or data exfiltration—victims should stay on guard to other possible compromises throughout a DDoS response. Victims should not become so focused on defending against a DDoS attack that they ignore other security monitoring."

The advisory also notes that in a post-pandemic world, where everything is more remotely connected, maintaining the necessary resources to respond to incidents like DDoS attacks has become increasingly difficult. However, it does provide some proactive steps organizations can take to to reduce the effects of an attack on the availability of their resources.

Those steps are:

•  Understand your critical assets and services
•  Understand how your users connect to your network
•  Enroll in a DDoS protection service
•  Understand service provider defenses
•  Understand your dedicated edge network defenses
•  Design and review (High-Availability/Load-Balancing/Colocation) designs
•  Develop an organization DDoS response plan
•  Develop an organization DDoS business continuity plan
•  Consider how a DDoS attack will impact physical backups for your network
•  Conduct a DDoS tabletop exercise and/or regularly test your DDoS response plan

The advisory also includes detailed information on what your organization should do if you believe you are experiencing a DDoS attack, as well what to do after an attack. And as always, CISA and the FBI strongly encourage you to promptly report any incidents to your local FBI field office or to CISA at report@cisa.gov.

See the original advisory, Understanding and Responding to Distributed Denial-of-Service Attacks, for more information.

Follow SecureWorld News for more stories related to cybersecurity.