FBI Alert Warns of Increase in Disruptive DDoS Attacks
Latest Attacks Use Amplification Techniques
The FBI is warning of an increase in distributed denial-of-service attacks using amplification techniques that are targeting U.S. organizations. The bureau notes that it's seen an uptick in attack attempts since February.
The FBI's Cyber Division sent a "private industry alert" to organizations around the U.S. on Tuesday, and copies of the alert have since been posted online.
"In the near term, cyber actors likely will exploit the growing number of devices with built-in network protocols enabled by default to create large-scale botnets capable of facilitating devastating DDoS attacks." https://t.co/k2V6yfW2Cu - Bad Packets (@bad_packets), July 21, 2020
The alert warns that over the last several months, the FBI has found that threat actors have been attempting to use built-in network protocols, which are designed to reduce overhead and operational costs, to conduct larger and more destructive DDoS attacks.
This technique lets attackers amplify a DDoS attack while using fewer resources of their own, and it can create a much more disruptive cyberthreat, according to the FBI.
"A DDoS amplification attack occurs when an attacker sends a small number of requests to a server and the server responds with more numerous responses to the victim," the alert states. "Typically, the attacker spoofs the source Internet Protocol address to appear as if they are the victim, resulting in traffic that overwhelms victim resources."
While the FBI has been tracking these types of attacks tied to DDoS amplification techniques for several years, this week's alert calls attention to new developments.
In February, security researchers warned of a vulnerability in Jenkins, the open source server that is used by developers to help automate tasks, which could allow an attacker to launch DDoS attacks.
The new FBI alert notes that while the Jenkins vulnerability and others do not appear to have been exploited in recent DDoS attacks, these types of flaws can increase the attack surface and eventually lead to much larger DDoS attacks.
"Researchers estimated cyber actors could use vulnerable Jenkins servers to amplify DDoS attack traffic 100 times against the online infrastructure of targeted victims across sectors," according to the FBI alert.
The bureau's warnings come after other reports about detection of high-profile DDoS attacks.
In February, for example, the largest DDoS attack ever recorded struck Amazon Web Services. The company's infrastructure was hit with a 2.3 TB per second - or 20.6 million requests per second - assault, Amazon said in a report about the incident.
That same month, the FBI warned that attackers were repeatedly attempting to disrupt a state's voter registration and information website with DDoS attacks. The attackers bombarded the site with malicious traffic in intervals in an attempt to overwhelm the DNS server and shut down the website (see: FBI Reportedly Says DDoS Attack Targeted Voter Registration).
In June, security firm Akamai reported that it had blocked a DDoS attack generating 809 million packets per second against a large, unnamed European bank (see: European Bank Targeted in Massive Packet-Based DDoS Attack).
Besides vulnerabilities in applications and software, networking firm A10 Networks is warning that the use of botnets to deliver DDoS attacks remains a threat to many organizations.
In its latest quarterly report about DDoS attacks, A10 notes that seven countries account for most of the world's botnets: the U.S., China, South Korea, Russia, Italy, Germany and India.
The most common attack vectors that threat actors used to launch large-scale DDoS attacks were Simple Network Management Protocol and Simple Service Discovery Protocol, which accounted for 1.7 million attacks each, according to the report.
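For defenders, the reflection pattern the FBI alert describes (responses arriving at a victim that never sent the request) can be spotted in UDP flow records for the SNMP and SSDP vectors named above. The following is an added example, not code from the FBI alert or the A10 report; the protected address range, the alert threshold and the sample flows are constructed assumptions, and the port numbers are the standard ones for SNMP (161) and SSDP (1900).

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# UDP services the article names as the most common reflection vectors.
REFLECTOR_PORTS = {161: "SNMP", 1900: "SSDP"}
PROTECTED = ip_network("203.0.113.0/24")  # assumption: our own address space
MIN_REFLECTORS = 3                        # assumption: distinct sources before alerting


def find_reflection(flows):
    """flows: time-ordered UDP records (src_ip, src_port, dst_ip, dst_port, nbytes).

    Returns {(victim_ip, service): {"reflectors": n, "bytes": total}} for every
    protected host receiving unsolicited responses from >= MIN_REFLECTORS sources.
    """
    requested = set()  # (our_host, remote_ip, port) pairs we really queried
    unsolicited = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for src, sport, dst, dport, nbytes in flows:
        if ip_address(src) in PROTECTED and dport in REFLECTOR_PORTS:
            requested.add((src, dst, dport))
        elif ip_address(dst) in PROTECTED and sport in REFLECTOR_PORTS:
            if (dst, src, sport) in requested:
                continue  # reply to a query we sent: legitimate traffic
            entry = unsolicited[(dst, REFLECTOR_PORTS[sport])]
            entry["sources"].add(src)
            entry["bytes"] += nbytes
    return {
        key: {"reflectors": len(val["sources"]), "bytes": val["bytes"]}
        for key, val in unsolicited.items()
        if len(val["sources"]) >= MIN_REFLECTORS
    }


# Constructed sample flows (documentation address ranges only).
SAMPLE_FLOWS = [
    ("203.0.113.10", 40000, "198.51.100.5", 161, 80),   # our host polls SNMP
    ("198.51.100.5", 161, "203.0.113.10", 40000, 900),  # solicited reply
    ("192.0.2.1", 1900, "203.0.113.20", 53211, 3000),   # unsolicited SSDP
    ("192.0.2.2", 1900, "203.0.113.20", 53211, 3100),
    ("192.0.2.3", 1900, "203.0.113.20", 53211, 2900),
    ("192.0.2.4", 161, "203.0.113.20", 53211, 1500),    # lone SNMP source, below threshold
]

if __name__ == "__main__":
    for (victim, svc), stats in find_reflection(SAMPLE_FLOWS).items():
        print(f"{victim}: unsolicited {svc} responses from "
              f"{stats['reflectors']} sources, {stats['bytes']} bytes")
```

Tracking which requests the protected host actually sent is what separates reflected traffic from ordinary SNMP polling or SSDP discovery replies.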