The FBI has made an appeal to organizations victimized by DDoS attacks to share details and characteristics of those incidents, echoing a similar plea made last year in the throes of a relentless wave of ransomware attacks.
The bureau said victims should contact local field offices regardless of the scale of attack or financial impact to the organization. The information law enforcement is seeking includes the traffic protocol used in the attack as well as any extortion or ransom demands made the by attackers. The FBI is asking organizations to preserve IP addresses used in the attack, netflow and packet capture logs, as well as emails or other correspondence from the criminals.
Victims are also asked to share descriptions of losses incurred through the attack, and if a ransom was paid, to share the cryptocurrency wallet address or email address used for remittance.
The request is part of a larger alert warning businesses about booter and stresser services which are so often critical pieces of DDoS attacks.
These services are sold in black market forums and used by criminals or hacktivists to automate and accelerate the ferocity of an attack.
“The FBI investigates these services as a crime if they are used against a Web site without the owner’s permission (such as for a legitimate stress test),” the FBI said in its alert.
Booters also provide criminals a measure of anonymitiy in carrying out DDoS attacks.
“These services are obtained through a monetary transaction, usually in the form of online payment services and virtual currency,” the FBI said. “Criminal actors running booter and stresser services sell access to DDoS botnets, a network of malware-infected computers exploited to make a victim server or network resource unavailable by overloading the device with massive amounts of fake or illegitimate traffic.”
DDoS attacks rose to prominence a year ago with the Mirai-based attacks against news sites, webhosts and DNS providers. Mirai opened a new front by leveraging thousands of unsecured connected devices including IP cameras and DVRs and corralling them into botnets that flooded targets with garbage traffic.
In a separate alert, the FBI warned that as connected internet of things devices figure to grow to 20 billion to 50 billion by 2020, the threat posed by DDoS attacks powered by these devices won’t waver.
The growing concern is that attackers will begin leveraging connected medical devices, building automation systems and home automation systems among other connected things that could impact physical safety or a person’s well-being.
“As more businesses and homeowners use Internet-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet provides new vulnerabilities for malicious cyber actors to exploit,” the FBI said in its alert. “In 2016 and 2017, cyber actors have demonstrated the ease in which IoT device vulnerabilities can be compromised and leveraged. Deficient security capabilities, difficulties in patching vulnerabilities, and a lack of consumer security awareness provide cyber actors with opportunities to exploit these devices.”
The FBI encourages device owners and manufacturers to take a number of steps to secure their devices, including changing default usernames and passwords, isolating IoT devices onto a protected network, and keeping devices current with regard to patches and feature updates.