The US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the multistate information sharing, and analysis center (MS-ISAC) have, in a joint effort, released an advisory to defend against distributed denial of service (DDoS) attacks.

Especially popular with Russia-backed hacktivists and nation-state actors, DDoS attacks refer to malicious attempts to disrupt the normal traffic of a targeted service by overwhelming its servers and networks with a flood of fake traffic.

The joint advisory is released to serve “as a guidance for federal, state, local, tribal, and territorial government entities to address the specific needs and challenges faced by them to defend against denial of service (DoS) and DDoS attacks.”

A DoS attack involves a single source to overwhelm the target system as opposed to the multiple sources, also called botnets, used in DDoS attacks. The main advantage of a DDoS attack over a DoS attack is the ability to generate a significantly higher volume of traffic, overwhelming the target system’s resources to a greater extent, according to the advisory.

Typical denial of service attacks

The advisory has grouped typical DoS and DDoS attacks based on three technique types: volume-based, protocol-based, and application layer-based. While volume-based attacks aim to cause request fatigue for the targeted systems, rendering them unable to handle legitimate requests, protocol-based attacks identify and target the weaker protocol implementations of a system causing it to malfunction.

A novel loop DoS attack reported this week targeting network systems, using weak user datagram protocol (UDP)-based communications to transmit data packets, is an example of a protocol-based DoS attack. This new technique is among the rarest instances of a DoS attack, which can potentially result in a huge volume of malicious traffic.