"CISA, FBI, MS-ISAC Provide Guidelines For DDoS Incident Response"

The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide containing recommended procedures to reduce the likelihood and impact of Distributed Denial-of-Service (DDoS) incidents. A standard Denial-of-Service (DoS) cyberattack occurs when threat actors exhaust the network server of a system, rendering the system unavailable to the intended users. DDoS attacks are becoming more common as more Internet of Things (IoT) devices continue to grow in use. IoT devices are often found to have unstable IT security postures, making them easily compromised by attackers. Threat actors commonly use botnets to carry out large-scale attacks that appear to originate from multiple networks. A DDoS attack may prevent access to critical healthcare services such as bed capacity, data sharing services, and appointment scheduling services. Although a DDoS attack is unlikely to compromise the confidentiality or integrity of a system or its associated data, malicious actors can use it as a mask for more malicious attacks, such as malware. Maintaining the availability of business-critical external-facing resources in an interconnected world with additional post-pandemic remote connectivity requirements can be challenging for even the most mature IT and incident response teams, according to the CISA, FBI, and MS-ISAC. The agencies acknowledge that it is impossible to avoid becoming a victim of a DDoS attack entirely. However, organizations can take proactive steps to reduce the impact of an attack on the availability of their resources. The "Understanding and Responding to Distributed Denial-of-Service Attacks" guide can help network defenders and leaders in understanding, preventing, and resolving DDoS attacks, which can cause organizations to lose time, money, and reputation. This article continues to discuss guidance provided by CISA, the FBI, and MS-ISAC to federal and private agencies to prevent and remediate DDoS attacks. 

HealthITSecurity reports "CISA, FBI, MS-ISAC Provide Guidelines For DDoS Incident Response"