FBI Warns of DDoS Attack on State Voter Registration Site (Feb 4, 2020)
An FBI advisory reported on by BleepingComputer details a distributed denial-of-service (DDoS) attack that targeted a state-level voter registration and information site. The DDoS was a Pseudo Random Subdomain (PRSD) attack, in which actors “disrupt DNS record lookups by flooding a DNS server with large amounts of DNS queries against non-existing subdomains”. The DNS requests seen in the attack were observed “over a month, in intervals of approximately two hours, with request frequency peaking around 200,000 DNS requests during a period of time when less than 15,000 requests were typical for the targeted website”.
Recommendation: Denial-of-service attacks can cost your company revenue, because severe attacks can shut down online services for extended periods of time. In addition, the ability of threat actors to compromise vulnerable devices and to purchase DDoS-for-hire services is a continually evolving threat. Mitigation techniques vary depending on the specifics of the attack. For example, in the case of BlackNurse, which can disrupt enterprise firewalls, ICMP type 3 traffic should be blocked, or at least rate limited. Furthermore, a business continuity plan should be in place in case your company is the target of a significant DDoS attack.
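For the PRSD attack described in the story above, volume alone is a weak signal; the pattern that stands out is a surge of queries for never-repeated subdomains that all resolve to NXDOMAIN. The following is an added detection sketch, not code from the FBI advisory or from BleepingComputer. The log format, the zone name `vote.example`, the thresholds and the sample data are all assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

ZONE = "vote.example"  # constructed zone name (assumption)

def parse(line):
    # Assumed log format: "<epoch_seconds> <qname> <rcode>"
    ts, qname, rcode = line.split()
    return int(ts), qname.lower().rstrip("."), rcode

def detect_prsd(lines, zone, baseline, window=60, factor=5,
                nx_ratio=0.8, uniq_ratio=0.8):
    """Return start times of windows that look like a PRSD flood.

    A window is flagged only when all three hold:
      - query volume is at least `factor` times the per-window baseline
        (the reported attack peaked near 200,000 against under 15,000 typical),
      - most answers are NXDOMAIN (the subdomains do not exist),
      - most queried subdomains are unique (pseudo-random labels never repeat).
    """
    suffix = "." + zone
    buckets = defaultdict(list)
    for line in lines:
        ts, qname, rcode = parse(line)
        if qname.endswith(suffix):
            buckets[ts - ts % window].append((qname[:-len(suffix)], rcode))
    flagged = []
    for start in sorted(buckets):
        rows = buckets[start]
        total = len(rows)
        nx = sum(1 for _, rc in rows if rc == "NXDOMAIN")
        uniq = len({sub for sub, _ in rows})
        if (total >= factor * baseline and nx / total >= nx_ratio
                and uniq / total >= uniq_ratio):
            flagged.append(start)
    return flagged

def sample_log():
    # Constructed data: a quiet window, a busy but legitimate window,
    # and a window of random-looking subdomains that do not exist.
    lines = [f"{i} www.{ZONE} NOERROR" for i in range(10)]
    lines += [f"{60 + i % 60} register.{ZONE} NOERROR" for i in range(100)]
    lines += [f"{120 + i % 60} "
              f"{hashlib.sha256(str(i).encode()).hexdigest()[:12]}.{ZONE} NXDOMAIN"
              for i in range(100)]
    return lines

if __name__ == "__main__":
    print(detect_prsd(sample_log(), ZONE, baseline=10))
```

The busy window at t=60 carries the same volume as the flood at t=120 but is not flagged, because its queries repeat a known host and resolve successfully.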
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.