The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about ongoing distributed denial-of-service (DDoS) attacks affecting multiple industry sectors in the United States.
To counter these attacks, all U.S. organizations are advised to proactively prepare their security teams and take necessary measures to prevent or minimize the impact of such attacks.
One proactive measure is for network administrators to be prepared to swiftly implement firewall rules or reroute malicious traffic through DoS protection services. This helps prevent attackers from successfully targeting online portals or services.
Internet service providers (ISPs) can also provide guidance on the appropriate actions to take during such attacks.
"CISA is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against multiple organizations in multiple sectors," the cybersecurity agency said.
"These attacks can cost an organization time and money and may impose reputational costs while resources and services are inaccessible."
CISA, in collaboration with the FBI and MS-ISAC, offers guidance on pre- and post-DDoS attack measures. This includes enrolling in dedicated DDoS protection services that redirect malicious traffic away from targeted assets.
Additionally, federal civilian executive branch (FCEB) agencies are advised to leverage tools like the Managed Security Service (MSS) and the Managed Trusted Internet Protocol Service (MTIPS) provided by the General Services Administration (GSA). These tools help mitigate the effects of DDoS attacks and restore impacted systems' operation.
The warning from CISA comes in the wake of a series of DDoS attacks that targeted both private and government organizations. These attacks resulted in the temporary shutdown of online portals. The responsibility for these incidents has been claimed by a threat actor known as Anonymous Sudan or Storm-1359 (tracked by Microsoft). Some cybersecurity researchers speculate a possible link to Russia.
Anonymous Sudan recently claimed responsibility for taking down the websites of EFTPS.gov (the U.S. Treasury Department's Electronic Federal Tax Payment System) and the U.S. Commerce Department. Independent verification confirmed the downtime of eftps.gov during the attack as stated by the threat group on their Telegram channel.
Furthermore, the threat group claimed another DDoS attack targeting Stripe's business payment management dashboard, which handles payments, refunds, and operations.
In previous instances, Anonymous Sudan also claimed responsibility for DDoS attacks that disrupted Microsoft's Outlook, OneDrive, and Azure web portals.
Since May, the group has targeted several large organizations globally, including Scandinavian Airlines (SAS), Tinder, Lyft, and various hospitals across the United States.
