
FBI and CISA: Here’s what you need to know about DDoS attacks

by hasibul
October 31, 2022



The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning organizations to take proactive steps to reduce the impact of distributed denial-of-service (DDoS) attacks.

DDoS attacks can be cheap to create but disruptive, so it could be worthwhile for network defenders to take a look at CISA’s and the FBI’s guidance as a backup to what they likely already know about the attacks, which can overload networks, protocols, and applications. 

DDoS attacks use networks of compromised internet-connected devices to overwhelm targets with junk traffic. In the past, attackers have abused Network Time Protocol, Memcached and other protocols to amplify DDoS attacks. 

“A DoS attack is categorized as a distributed denial-of-service (DDoS) attack when the overloading traffic originates from more than one attacking machine operating in concert. DDoS attackers often leverage a botnet—a group of hijacked internet-connected devices—to carry out large-scale attacks that appear, from the targeted entity’s perspective, to come from many different attackers,” CISA says in its guidance.  


CISA highlights that Internet of Things (IoT) devices are a notable source of DDoS problems, thanks to the use of default passwords and poor security from device makers. IoT devices, like standard home routers, are a problem because they lack a user interface, so the vendor has no way to tell users on the device itself when to apply a security patch. The White House this month proposed an IoT security-labeling scheme that will come into force in the spring of 2023. The EU is also planning a CE-style labeling scheme for IoT devices.

“Because infections of IoT devices often go unnoticed by users, an attacker could easily assemble hundreds of thousands of these devices into a formidable botnet capable of conducting a high-volume attack,” CISA notes. 

CISA also emphasizes that while DDoS attacks don’t necessarily compromise the integrity or confidentiality of a system’s data, they do attack the third pillar of cybersecurity: availability. And once availability is undermined, this in turn could open the door for attacks on confidentiality and integrity that are protected by systems that depend on availability.

“Because a cyber threat actor may use a DDoS attack to divert attention away from more malicious acts they are carrying out—e.g., malware insertion or data exfiltration—victims should stay on guard to other possible compromises throughout a DDoS response. Victims should not become so focused on defending against a DDoS attack that they ignore other security monitoring,” the agencies note.

While enterprise organizations can buy DDoS protection from internet infrastructure firms, there are other basic steps organizations should take, such as configuring web application firewalls and understanding how users connect to a network – for example, whether they connect via a virtual private network (VPN), which became much more prevalent during the pandemic. 

CISA also recommends companies design and review high-value assets to remove dependence on a single node and ensure they’re using multiple nodes. It also recommends colocation of these critical assets for business continuity. The best method, argues CISA, is to use upstream service provider defenses or DDoS protections in a local datacenter.

From an organizational perspective, DDoS response should be part of an organization’s disaster recovery plan, which should include knowing what alternatives are available if a critical app has been knocked out. 

CISA’s guide is intended for federal civilian executive branch (FCEB) agencies and not for private industry. Google, Akamai and Cloudflare contributed to the advisory, which was published alongside the US government’s Multi-State Information Sharing and Analysis Center (MS-ISAC). 

