Cyber Actors Exploiting Built-in Network Protocols to Carry Out Larger, More Destructive Distributed Denial of Service Attacks

The FBI has published a (TLP:WHITE) Private Industry Notification (PIN) advising that Cyber actors have exploited built-in network protocols, designed to reduce computational overhead of day-to-day system and operational functions, to conduct larger and more destructive distributed denial of service (DDoS) amplification attacks against US networks. As the FBI explains, a DDoS amplification attack occurs when an attacker sends a small number of requests to a server and the server responds with more numerous responses to the victim. Typically, the attacker spoofs the source Internet Protocol (IP) address to appear as if they are the victim, resulting in traffic that overwhelms victim resources. Cyber actors likely will increasingly abuse built-in network protocols. Such abuse likely will enable DDoS amplification attacks to be carried out with limited resources and result in significant disruptions and impact on the targets. The PIN provides a threat overview, including real-world destructive DDoS attacks, as well as tips for identifying and mitigating the effects of attacks.