The HHS Health Sector Cybersecurity Coordination Center (HC3) has published a guide on handling Distributed Denial of Service (DDoS) attacks, including recommendations for preventing and limiting the severity of DDoS attacks and tips for responding to them.
A DDoS attack is a type of denial of service (DoS) attack that floods a system with requests to overload it and make it inaccessible to legitimate users. In a regular denial of service (DoS) attack, the traffic typically comes from a single system. In a DDoS attack, the traffic comes from many sources and involves a far greater number of requests. DDoS attacks are usually carried out with a botnet, a network of internet-connected devices that have been infected with malware and are controlled by the botnet operator. Those devices can be servers, personal computers, mobile devices, and internet-of-things (IoT) devices, and very large botnets can be assembled to carry out large-scale DDoS attacks.
Although attacks can make systems inaccessible, DDoS attacks are generally short-lived. Short bursts last only seconds or minutes but can still be extremely damaging, while prolonged attacks usually last from a few hours to a few days. DDoS attacks have become simpler and cheaper to carry out, and more sophisticated, because of the multitude of IoT devices now in use. A DDoS attack can be launched at any time and can significantly disrupt a website's operation or resources. For organizations that do business online, a DDoS attack can cause service disruptions that result in large financial losses. For healthcare providers, the attacks can affect an organization's capacity to deliver care, for instance by disrupting access to electronic health records (including PHI), medical devices, and the websites used to coordinate critical tasks.
DDoS attacks are carried out by a variety of threat actors, including financially motivated cybercriminal gangs, politically driven hacktivists, nation-state actors, and other malicious actors. The motives are likewise varied. An attack may be part of a larger operation, for example by ransomware groups to pressure victims into paying the ransom, or to occupy the IT department's attention and reduce the chance that the network breach is noticed. Hackers may launch attacks to gain influence, disrupt operations, or damage a brand. Nation-state attackers may launch attacks to cause confusion and disrupt services in pursuit of their political goals. In 2023 there were record-breaking attacks, including attacks on hospitals and other critical infrastructure. Little technical skill is needed to carry out an attack, since botnet operators offer DDoS-as-a-service, and some hacktivist groups have crowdsourced funds to conduct DDoS attacks against particular targets.
The HC3 guide describes the various types of DDoS attacks, commonly used attack tools, and tips for preventing attacks and minimizing their severity. The best protection is to build a robust, scalable infrastructure that can handle large volumes of traffic and to use a DDoS mitigation service that can absorb and filter traffic so that systems are not overwhelmed. DDoS attacks should also be included in incident response planning to make sure there is an effective plan that .
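To make the DoS/DDoS distinction from the summary above concrete from a detection standpoint, here is an added example (not code from the HC3 guide or the article) that counts requests per source and in aggregate over fixed time windows of web access logs. It shows why a per-source rate limit catches a single-origin flood but misses a distributed one, where no single bot exceeds the per-source limit and only the aggregate count reveals the attack. The log format, thresholds, window size and all addresses are constructed for illustration and are not from the page.

```python
"""Rate-based flood detector over web access logs (constructed example).

Two checks run per fixed window:
  * per-source: any single IP above PER_SOURCE_LIMIT (catches classic DoS)
  * aggregate:  total requests above AGGREGATE_LIMIT (catches DDoS where
                every bot individually stays under the per-source limit)
All thresholds and sample data are assumptions for illustration.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW_SECONDS = 10        # assumed window size
PER_SOURCE_LIMIT = 50      # assumed per-IP requests per window
AGGREGATE_LIMIT = 200      # assumed total requests per window
_EPOCH = datetime(1970, 1, 1)


def parse_line(line):
    """Parse one constructed record: '<iso timestamp> <src ip> <method> <path>'."""
    ts, ip, method, path = line.split()
    return datetime.fromisoformat(ts), ip, method, path


def window_start(ts):
    """Floor a timestamp to the start of its fixed window (naive UTC assumed)."""
    secs = int((ts - _EPOCH).total_seconds())
    return _EPOCH + timedelta(seconds=secs - secs % WINDOW_SECONDS)


def analyze(lines, per_source_limit=PER_SOURCE_LIMIT, aggregate_limit=AGGREGATE_LIMIT):
    """Return one summary dict per window, in time order."""
    per_window = defaultdict(Counter)
    for line in lines:
        ts, ip, _method, _path = parse_line(line)
        per_window[window_start(ts)][ip] += 1

    report = []
    for start in sorted(per_window):
        counts = per_window[start]
        total = sum(counts.values())
        report.append({
            "window": start.isoformat(),
            "total": total,
            "flagged_sources": {ip for ip, n in counts.items() if n > per_source_limit},
            "aggregate_flood": total > aggregate_limit,
        })
    return report


def make_sample_log():
    """Build constructed log lines: baseline, single-source flood, distributed flood."""
    base = datetime(2024, 1, 1, 0, 0, 0)
    lines = []

    def add(offset, ip, path="/"):
        ts = base + timedelta(seconds=offset)
        lines.append(f"{ts.isoformat()} {ip} GET {path}")

    # window 0 (0-9 s): 20 ordinary clients, 3 requests each -> 60 total
    for c in range(20):
        for k in range(3):
            add(k * 3, f"192.0.2.{c + 1}", f"/page{k}")
    # window 1 (10-19 s): one source sends 120 requests, plus 10 normal ones -> 130
    for k in range(120):
        add(10 + (k % 10), "198.51.100.7", "/login")
    for c in range(10):
        add(12, f"192.0.2.{c + 1}")
    # window 2 (20-29 s): 100 bots, 4 requests each -> 400, none over the per-IP limit
    for b in range(100):
        for k in range(4):
            add(20 + k * 2, f"203.0.113.{b + 1}", "/search")
    return lines


if __name__ == "__main__":
    for w in analyze(make_sample_log()):
        print(w["window"], w["total"], sorted(w["flagged_sources"]), w["aggregate_flood"])
```

In the constructed data the second window trips only the per-source check and the third window trips only the aggregate check, which is the practical reason the guide's advice pairs scalable infrastructure and an upstream mitigation service with local rate limiting: per-client controls alone do not see a flood spread across a botnet.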