The Federal Bureau of Investigation (FBI) released a Private Industry Notification to highlight hacktivism activity and encourage organizations to implement recommended mitigations to reduce the likelihood and impact of Distributed Denial of Service (DDoS) attacks. The FBI defines hacktivism as a collective of cyber criminals who conduct cyber activities to advance an ideological, social, or political cause. Historically, hacktivist collectives conducted and advocated for cybercrime activity following high-profile political, socioeconomic, or world events. Coinciding with the Russian invasion of Ukraine, the FBI is aware of Pro-Russian hacktivist groups employing DDoS attacks to target critical infrastructure companies with limited success. Hacktivists provide tools and guidance on cyber-attack methodology and techniques to anyone willing to conduct an attack on behalf of their cause. DDoS attacks of public facing websites, along with web page and social media profile defacement, are a preferred tactic for many operations. These attacks are generally opportunistic in nature and, with DDoS mitigation steps, have minimal operational impact on victims; however, hacktivists will often publicize and exaggerate the severity of the attacks on social media. As a result, the psychological impact of DDoS attacks is often greater than the disruption of service.
DDoS attacks are of varying lengths of time and can be identified by:
• Unusually slow network performance (opening files or accessing websites).
• Unavailability of a particular website or the inability to access any website.
To mitigate a DDoS attack:
• Enroll in a Denial-of-Service protection service that detects abnormal traffic flows and redirects traffic away from the network.
• Create a partnership with the local internet service provider (ISP) prior to an event and work with the ISP to control network traffic during an event.
• Create a disaster recovery plan to ensure successful and efficient communication, mitigation, and recovery in the event of an attack.
• During and after a DDoS attack, monitor other network assets for any additional anomalous or suspicious activity that could indicate a secondary attack.