The advisory describes common DDoS techniques and recommends defenses against them.

The US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have jointly released an advisory on defending against distributed denial of service (DDoS) attacks. Popular with Russia-aligned hacktivists and nation-state actors, DDoS attacks are malicious attempts to disrupt a targeted service by overwhelming its servers and networks with a flood of bogus traffic.

The joint advisory is released to serve “as a guidance for federal, state, local, tribal, and territorial government entities to address the specific needs and challenges faced by them to defend against denial of service (DoS) and DDoS attacks.”

A DoS attack uses a single source to overwhelm the target system, whereas a DDoS attack uses many sources, typically a botnet of compromised hosts. The main advantage of a DDoS attack over a DoS attack, according to the advisory, is the ability to generate a significantly higher volume of traffic, overwhelming the target system’s resources to a greater extent.

Typical denial of service attacks

The advisory groups DoS and DDoS attacks into three technique types: volume-based, protocol-based, and application layer-based. Volume-based attacks aim to exhaust the target’s bandwidth or request-handling capacity so that it can no longer serve legitimate requests, while protocol-based attacks target weak protocol implementations in a system to make it malfunction. The loop DoS attack reported this week is an example of a protocol-based attack: it targets network services that speak application protocols over the user datagram protocol (UDP), which performs no handshake and so accepts a forged source address at face value. A single spoofed packet can set two such servers exchanging error messages with each other indefinitely, so the technique is unusual among DoS attacks in that the victims themselves generate the traffic, and a tiny initial investment by the attacker can result in a huge volume of malicious traffic.
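The error-message loop described above, as an added simulation that is not part of the advisory or of the loop DoS research: two in-memory servers model UDP-style services that trust the claimed source address of a datagram. The weak variant answers an error with another error, so one forged packet keeps the pair talking until the delivery cap is hit; the hardened variant never replies to an error message. Server names, the wire format, and the cap are hypothetical.

```python
"""Simulation of an application-layer error loop over a UDP-style channel.

Added example. Two in-memory "servers" stand in for services that answer
datagrams without any handshake, so a packet's claimed source address is
taken at face value. Server names and the message format are hypothetical.
"""
from collections import deque

MAX_DELIVERIES = 50  # cap so the demonstration terminates even when looping


class Server:
    def __init__(self, name, answer_errors):
        self.name = name
        # Weak implementation: replies to an error message with another error.
        # Hardened implementation: incoming errors are dropped, never answered.
        self.answer_errors = answer_errors
        self.sent = 0  # datagrams this server has generated

    def handle(self, src, payload):
        """Process one datagram; return (dst, payload) to send, or None."""
        if payload.startswith("ERR"):
            if not self.answer_errors:
                return None
            self.sent += 1
            return (src, f"ERR:unexpected message, from {self.name}")
        if payload.startswith("REQ"):
            self.sent += 1
            return (src, "OK")
        # Anything else is malformed and, in both variants, earns an error reply.
        self.sent += 1
        return (src, "ERR:malformed")


def run(servers, spoofed_src, dst, payload, max_deliveries=MAX_DELIVERIES):
    """Inject one attacker datagram whose source address is forged, then keep
    delivering whatever the servers send to each other.
    Returns (datagrams the servers generated, True if traffic was still
    flowing when the delivery cap was reached)."""
    queue = deque([(spoofed_src, dst, payload)])
    deliveries = 0
    while queue and deliveries < max_deliveries:
        src, dst, payload = queue.popleft()
        deliveries += 1
        reply = servers[dst].handle(src, payload)
        if reply is not None:
            reply_dst, reply_payload = reply
            queue.append((dst, reply_dst, reply_payload))
    total = sum(s.sent for s in servers.values())
    return total, bool(queue)


def simulate(hardened):
    servers = {
        "A": Server("A", answer_errors=not hardened),
        "B": Server("B", answer_errors=not hardened),
    }
    # One junk datagram addressed to B, with A's address forged as the source.
    return run(servers, spoofed_src="A", dst="B", payload="\x00junk")


if __name__ == "__main__":
    print("weak servers:    ", simulate(hardened=False))  # (50, True): still looping at the cap
    print("hardened servers:", simulate(hardened=True))   # (1, False): one error reply, then silence
```

The hardened variant still answers a malformed request with an error, which is normal protocol behaviour; the loop only needs the error itself to provoke a further error, so refusing to answer errors is the minimal fix. Rate-limiting replies per source would bound the damage even where that rule cannot be applied.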
Application layer-based attacks exploit vulnerabilities in specific applications or services running on the target system. Having found such a weakness, the attacker uses it to consume a disproportionate share of the target’s processing capacity until it fails. The loop DoS attack can also be placed in this category, since the flaw it exploits lies in the application-layer protocols themselves (their willingness to answer one message with another) and UDP merely makes the source spoofing possible.

DDoS has been used extensively by the Russia-aligned hacktivist group calling itself Anonymous Sudan, which recently disrupted a series of French government services.

Analysis, planning, and mitigation tools

The advisory gives top priority to thorough, continuous analysis of network systems: risk assessments to determine existing exposure to DDoS attacks, network monitoring to track unusual and suspicious traffic, and regular traffic logging to build a baseline of normal traffic patterns against which anomalies can be recognized. It also recommends bandwidth capacity planning, since headroom provisioned for seasonal spikes also buys time during an attack, and load balancing to distribute traffic and avoid a single point of failure.

Tools the advisory lists as useful for preventing or handling DDoS attacks include DDoS mitigation services, CAPTCHAs to separate bots from human users, and network firewalls configured to filter suspicious traffic patterns and block known malicious IP addresses. One caveat practitioners will recognize: a firewall at the edge of the target’s own network only acts on traffic that has already arrived on its link, so a volumetric flood that saturates that link has to be absorbed upstream by an ISP or scrubbing service.

The advisory comes days after US federal agencies warned of heightened activity by Volt Typhoon, a Chinese state-sponsored group alleged to be maintaining persistence in US critical infrastructure systems by exploiting vulnerabilities such as the recent Fortinet remote code execution (RCE) flaws.
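The baselining and monitoring the advisory recommends, as an added example that is not part of the advisory: the script builds a requests-per-minute baseline from the first few minutes of a web-server access log, flags later minutes that exceed a multiple of that baseline, and lists the sources dominating each flagged minute as candidates for a firewall block. The log lines are constructed, the Common Log Format is assumed, and the thresholds (5x baseline, 20% share) are illustrative.

```python
"""Traffic baseline and flood detection over web-server access logs.

Added example, not from the advisory. Assumes Common Log Format lines;
the sample log below is constructed, and the thresholds are illustrative.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (minute bucket, source ip) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return ts.replace(second=0), m.group("ip")


def bucket_by_minute(lines):
    """Map each minute to a Counter of requests per source address."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash on them
        minute, ip = parsed
        buckets[minute][ip] += 1
    return buckets


def find_floods(lines, baseline_minutes=5, factor=5.0, top_share=0.2):
    """Baseline = mean requests/minute over the first `baseline_minutes`
    buckets. Any later minute above factor*baseline is reported, together
    with the sources that each account for more than `top_share` of it."""
    buckets = bucket_by_minute(lines)
    minutes = sorted(buckets)  # datetime keys, so ordering is chronological
    if len(minutes) <= baseline_minutes:
        return []
    baseline = sum(sum(buckets[m].values()) for m in minutes[:baseline_minutes]) / baseline_minutes
    alerts = []
    for minute in minutes[baseline_minutes:]:
        total = sum(buckets[minute].values())
        if total <= factor * baseline:
            continue
        top = [(ip, n) for ip, n in buckets[minute].most_common() if n / total > top_share]
        alerts.append({"minute": minute, "total": total, "baseline": baseline, "top_sources": top})
    return alerts


def constructed_log():
    """Constructed sample: five quiet minutes of four requests each, then one
    minute in which three addresses hammer a search endpoint. Not real traffic."""
    lines = []
    for m in range(5):
        for i in range(4):
            lines.append(
                f'198.51.100.{10 + i} - - [01/Apr/2024:10:0{m}:{i * 10:02d} +0000] '
                f'"GET /index.html HTTP/1.1" 200 512'
            )
    for i in range(60):
        lines.append(
            f'203.0.113.{1 + i % 3} - - [01/Apr/2024:10:05:{i:02d} +0000] '
            f'"GET /search?q=x HTTP/1.1" 200 2048'
        )
    lines.append('198.51.100.10 - - [01/Apr/2024:10:05:30 +0000] "GET /index.html HTTP/1.1" 200 512')
    lines.append("this line is garbage and must be skipped")
    return lines


if __name__ == "__main__":
    for alert in find_floods(constructed_log()):
        print(f"{alert['minute']:%H:%M}: {alert['total']} requests vs baseline {alert['baseline']:.1f}/min")
        for ip, n in alert["top_sources"]:
            print(f"  block candidate {ip}: {n} requests")
```

A fixed multiple of a short baseline is deliberately simple; in production the baseline should cover the daily and weekly cycle the advisory’s logging recommendation is meant to capture, and a source that appears in the top list is only a candidate, since legitimate NAT gateways and proxies also concentrate traffic behind one address.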