Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies


The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint guide to provide organizations proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks. These attacks can cost an organization time and money and may impose reputational costs while resources and services are inaccessible.

DoS and DDoS

Denial-of-service (DoS) attacks are a type of cyberattack targeting a specific application or website with the goal of exhausting the target system’s resources, which, in turn, renders the target unreachable or inaccessible, denying legitimate users access to the service. Although many forms of DoS attacks exist, the most common types are the following:

  1. Network resource overload consumes all available network hardware, software, or bandwidth of the target.
        1. In a direct network resource overload attack, the cyber threat actor overloads resources using tactics such as exploiting a server vulnerability or inundating servers with requests.
        2. In a reflection amplification attack, the threat actor consumes network resources by reflecting a high volume of network traffic to the target. The actor uses a third-party server (the “reflector”) as an intermediary that hosts and responds to the given spoofed source IP address.
  2. Protocol resource overload consumes the available session or connection resources of the target.
  3. Application resource overload consumes the available compute or storage resources of the target.

Source: U.S. Cybersecurity and Infrastructure Security Agency