CISA issues DDoS warning after attacks hit multiple US orgs – Source: www.bleepingcomputer.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of ongoing distributed denial-of-service (DDoS) attacks after U.S. organizations across multiple industry sectors were hit.

All U.S. orgs were advised to take proactive measures to ensure that their security teams are ready to thwart or mitigate the effects of such attacks.

For instance, network administrators should be ready to quickly apply firewall rules or redirect incoming malicious traffic through DoS protection services to prevent attackers from taking down targeted online portals or services.

Alternatively, internet service providers (ISPs) can also provide guidance on the appropriate steps to take in such circumstances.

“CISA is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against multiple organizations in multiple sectors,” the cybersecurity agency said.

“These attacks can cost an organization time and money and may impose reputational costs while resources and services are inaccessible.”

CISA, in collaboration with the FBI and MS-ISAC), provides guidance on what organizations should do before and after a DDoS attack, including enrolling in dedicated DDoS protection services which can reroute malicious traffic away from the targeted assets.

It also provides additional recommendations for federal civilian executive branch (FCEB) agencies, advising them to take advantage of General Services Administration (GSA) tools like the Managed Security Service (MSS) and the Managed Trusted Internet Protocol Service (MTIPS) to counter the effects of DDoS attacks and restore operation of impacted systems.

Wave of DDoS attacks claimed by Anonymous Sudan​

While the cybersecurity agency is yet to provide any context, today’s warning comes after several DDoS attacks targeting both private and government organizations had their online portals taken offline in incidents claimed by Anonymous Sudan, a threat actor tracked as Storm-1359 by Microsoft that some cybersecurity researchers believe might be linked to Russia.

Since the start of the week, Anonymous Sudan claimed they had taken down the website of EFTPS.gov (the U.S. Treasury Dept’s Electronic Federal Tax Payment System) and the U.S. Commerce Dept. website.

BleepingComputer confirmed that eftps.gov was down at the time of the attack claimed by the threat group on their Telegram channel.

Today, they also claimed another DDoS attack that targeted Stripe’s dashboard for managing business payments, refunds, and operations.

Earlier this month, Microsoft also confirmed that multiple outages impacting its Outlook, OneDrive, and Azure web portals resulted from DDoS attacks claimed at the time by Anonymous Sudan.

Starting in May, the group has targeted multiple other large organizations worldwide, including Scandinavian Airlines (SAS), Tinder, and Lyft, as well as various hospitals across the United States.