FBI Asks Businesses to Share Details About DDoS Attacks

The FBI has made an appeal to organizations victimized by DDoS attacks to share details and characteristics of those incidents, echoing a similar plea made last year in the throes of a relentless wave of ransomware attacks.

The bureau said victims should contact local field offices regardless of the scale of attack or financial impact to the organization. The information law enforcement is seeking includes the traffic protocol used in the attack as well as any extortion or ransom demands made by attackers. The FBI is asking organizations to preserve IP addresses used in the attack, netflow and packet capture logs, as well as emails or other correspondence from the criminals.

Victims are also asked to share descriptions of losses incurred through the attack, and if a ransom was paid, to share the cryptocurrency wallet address or email address used for remittance.
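As an added illustration (not part of the FBI alert or the original article), the sketch below reduces a preserved flow export to the facts the bureau asks for: the traffic protocol, the source IP addresses and the attack window, plus a hash of the untouched export so the copy handed over can be verified later. The CSV column layout, the `summarize_flows` function and the sample records are assumptions constructed for this example.

```python
import csv, hashlib, io, ipaddress
from collections import Counter

# Constructed sample: a flow export reduced to CSV. The column layout is an
# assumption for this example, not the output format of any particular collector.
SAMPLE_FLOWS = """start,src_ip,dst_ip,proto,src_port,dst_port,packets,bytes
2017-10-17T14:00:01Z,198.51.100.7,203.0.113.10,UDP,123,44211,900,421200
2017-10-17T14:00:01Z,198.51.100.9,203.0.113.10,UDP,123,51877,850,397800
2017-10-17T14:00:02Z,192.0.2.44,203.0.113.10,TCP,40022,443,12,9800
2017-10-17T14:00:03Z,198.51.100.7,203.0.113.10,UDP,123,40310,910,425880
2017-10-17T14:00:04Z,not-an-ip,203.0.113.10,UDP,53,40311,1,60
"""

def summarize_flows(csv_text, victim_ip, top_n=3):
    """Summarize flows aimed at victim_ip (hypothetical helper for this example)."""
    bytes_by_proto, bytes_by_src = Counter(), Counter()
    times, skipped = [], 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            src = str(ipaddress.ip_address(row["src_ip"]))
            dst, proto = row["dst_ip"], row["proto"].upper()
            size = int(row["bytes"])
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1  # count malformed rows instead of silently dropping them
            continue
        if dst != victim_ip:
            continue
        bytes_by_proto[proto] += size
        bytes_by_src[src] += size
        times.append(row["start"])  # ISO 8601 UTC strings sort chronologically
    total = sum(bytes_by_proto.values())
    return {
        # Hash of the unmodified export, so the preserved copy can be verified.
        "export_sha256": hashlib.sha256(csv_text.encode()).hexdigest(),
        "window": (min(times), max(times)) if times else None,
        "protocol_share": {p: round(b / total, 3) for p, b in bytes_by_proto.items()},
        "top_sources": bytes_by_src.most_common(top_n),
        "unique_sources": len(bytes_by_src),
        "skipped_rows": skipped,
    }

if __name__ == "__main__":
    for key, value in summarize_flows(SAMPLE_FLOWS, "203.0.113.10").items():
        print(f"{key}: {value}")
```

The summary is a cover sheet for the report; the original netflow and packet capture files should be preserved unmodified alongside it.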

The request is part of a larger alert warning businesses about booter and stresser services, which are often critical components of DDoS attacks.

These services are sold in black market forums and used by criminals or hacktivists to automate attacks and increase their ferocity.

“The FBI investigates these services as a crime if they are used against a Web site without the owner’s permission (such as for a legitimate stress test),” the FBI said in its alert.

Booters also provide criminals a measure of anonymity in carrying out DDoS attacks.

“These services are obtained through a monetary transaction, usually in the form of online payment services and virtual currency,” the FBI said. “Criminal actors running booter and stresser services sell access to DDoS botnets, a network of malware-infected computers exploited to make a victim server or network resource unavailable by overloading the device with massive amounts of fake or illegitimate traffic.”

DDoS attacks rose to prominence a year ago with the Mirai-based attacks against news sites, webhosts and DNS providers. Mirai opened a new front by leveraging thousands of unsecured connected devices including IP cameras and DVRs and corralling them into botnets that flooded targets with garbage traffic.

In a separate alert, the FBI warned that as the number of connected Internet of Things devices is expected to grow to between 20 billion and 50 billion by 2020, the threat posed by DDoS attacks powered by these devices won’t waver.

The growing concern is that attackers will begin leveraging connected medical devices, building automation systems and home automation systems, among other connected things, that could impact physical safety or a person’s well-being.

“As more businesses and homeowners use Internet-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet provides new vulnerabilities for malicious cyber actors to exploit,” the FBI said in its alert. “In 2016 and 2017, cyber actors have demonstrated the ease in which IoT device vulnerabilities can be compromised and leveraged. Deficient security capabilities, difficulties in patching vulnerabilities, and a lack of consumer security awareness provide cyber actors with opportunities to exploit these devices.”

The FBI encourages device owners and manufacturers to take a number of steps to secure their devices, including changing default usernames and passwords, isolating IoT devices onto a protected network, and keeping devices current with regard to patches and feature updates.

  • Barry Greene on

    The people who help companies defend against DOS attacks have created a "preparation checklist." This list is designed to help organizations prepare their network to collect the information law enforcement and investigators can use for investigations. You can get a copy of this here: Reporting DoS Attacks & Fighting Back Against DOS Attacks - http://www.senki.org/reporting-dos-attacks-fighting-back/
  • Mike on

    “The FBI has made an appeal for Business Owners to share details about DDOS attacks”. That’s the biggest crock of s#*t I’ve ever heard. My business has been repeatedly DDOS attacked, and I’m one of the lucky ones who have the logs and screenshots to prove it, but the FBI won’t even call me back and the local police don’t have qualified personnel to handle the case. It’s the small business owners like myself who truly suffer from these instances.
