Cyber Actors Exploiting Built-In Network Protocols To Launch Larger DDOS Attacks
FBI PIN
Original Release Date: 7/22/2020
Summary
Cyber actors have exploited built-in network protocols, designed to reduce computational overhead of day-to-day system and operational functions, to conduct larger and more destructive distributed denial-of-service (DDoS) amplification attacks against US networks. A DDoS amplification attack occurs when an attacker sends a small number of requests to a server and the server responds with more numerous responses to the victim. Typically, the attacker spoofs the source Internet Protocol (IP) address to appear as if they are the victim, resulting in traffic that overwhelms victim resources. Cyber actors likely will increasingly abuse built-in network protocols. Such abuse likely will enable DDoS amplification attacks to be carried out with limited resources and result in significant disruptions and impact on the targets.
This FBI PIN contains an overview of the threat, recommended mitigation measures, and is being provided for your awareness.
Reporting
The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form by clicking here.
Please do not hesitate to contact the NJCCIC at njccic@cyber.nj.gov with any questions.
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.