FBI v the bots: Feds urge denial-of-service defense after critical infrastructure alert – Source: go.theregister.com

The US government has recommended a series of steps that critical infrastructure operators should take to prevent distributed-denial-of-service (DDoS) attacks.

Thursday’s alert comes just days after the Feds warned about destructive cyber intrusions emanating from China, and also formed a water sector cybersecurity task force that meets today to prevent cybercriminals from disrupting the US water supply.

“CISA, FBI, and MS-ISAC urge network defenders and leaders of critical infrastructure organizations to read the guidance provided to defend against this threat,” the government agencies said about the report.

These are the types of attacks that took down several French government websites earlier this month, and are especially popular with pro-Russia hacktivists who have DDoSed a series of European and American airport websites since the invasion of Ukraine.

The joint guide, entitled Understanding and Responding to Distributed Denial-Of-Service Attacks [PDF], distinguishes between denial-of-service (DoS) and DDoS attacks. The former involves a single source of network-flooding traffic while the latter involves multiple sources.

The briefing document also provides technical details about three different types of DoS and DDoS techniques. First up: volume-based attacks that aim to overwhelm a target with a massive amount of traffic, thus consuming all the available bandwidth so legitimate traffic can’t access the website. 

Second comes attacks that exploit vulnerabilities in network protocols, thus causing the website to malfunction or otherwise interfere with its performance.

And finally, there’s Layer 7, or application-layer attacks that hit flaws in specific apps running on the targeted system.

• Five Eyes tell critical infra orgs: Take these actions now to protect against China’s Volt Typhoon
• US task force aims to plug security leaks in water sector
• French government sites disrupted by très grande DDoS
• UK council won’t say whether two-week ‘cyber incident’ impacted resident data

The guide lists 15 best practices that organizations should put in place to protect against these attacks. It starts with the basics: conducting a thorough risk assessment, implementing network monitoring tools and regularly analyzing network traffic to establish a baseline and identify any traffic spikes, which could indicate a botnet-based DDoS flood.

It also suggests implementing a Captcha challenge to distinguish between humans and bots, and considering specific DDoS mitigation and load balancing products. Regularly updating and patching all software, operating systems and network devices also made the list — and is just good cybersecurity hygiene all around.

Plus, programs like employee training, incident response, and backup and recovery plans are always smart to have in place, and practice regularly, along with network redundancy to help maintain service availability in the event of a DDoS attack. ®