The Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Cybersecurity and Infrastructure Security Agency (CISA) have recently released guidelines for federal and private agencies on the mitigation and prevention of Distributed Denial of Service (DDoS) attacks.
In a DDoS attack, a host connected to a network is temporarily or permanently denied access to its services in an effort to render a computer or network resource inaccessible to its intended users. The typical method for committing a DDoS attack is to overload the targeted machine or resource with excessive requests in an effort to overwhelm the system and prevent some or all valid requests from being granted. The ability to conduct a DDoS attacks are easier than ever due to the significant increase in IT devices and slave armies of malware-infected devices called Botnets. DDoS attacks can pose dire consequences on its victims. Prolonged attacks can result in extensive remediation costs and significant reputational damage.
In order to prevent this from happening, the agencies suggest a number of actions organizations can take to prevent and defend against potential DDoS attacks. Firstly, the guidelines suggest that preparation is the key for reducing the impact of attacks. Organizations should identify all critical assets and services that are publicly exposed to the internet, implement web application firewalls, and adhere to all cybersecurity best practices. Organizations should be aware of all the indicators that a DDoS attack has taken place. These include network latency, sluggish application performance, unusually high traffic, or the unavailability of websites. In the event these indicators do arise, technical professionals should be connected immediately. Victims should also consult their ISP to determine whether they are experiencing any outages and to find out more about the attack’s details such as the source of the traffic and the targeted applications.
In the event that an attack has taken place, CISA advises victims to monitor all network assets, gather information, and update their response plan to address any vulnerabilities exposed during the attack. Additionally, organizations should regularly monitor their networks and establish a baseline of typical activity. In doing so, the ability to promptly identify attacks in progress will improve dramatically.