Rate limiting on DNS servers protected a state-level voter registration and information
website from a monthlong DDoS attack that prompted the FBI to issue a Private
Industry Notification (PIN).
“The FBI received reporting indicating a state-level voter registration and voter
information website received anomalous Domain Name System (DNS) server requests
consistent with a Pseudo Random Subdomain (PRSD) attack,” a BleepingComputer
report cited the notice as saying.
The agency said that DNS requests occurred every two hours or so over at least a
month “with request frequency peaking around 200,000 DNS requests during
a period of time when less than 15,000 requests were typical for the
The requests came from source IP addresses that belonged to recursive DNS servers, which
obfuscated “the originating host(s) or attacker, and were largely for
non-existent subdomains of the targeted website,” the warning said, noting that
in a three-minute window in one sample “24 IP addresses used by recursive DNS
servers made 2,121 DNS requests.”
A small sample showed “roughly 1,020 requests for unique subdomains, of which 956
were single requests for non-existent subdomains which appeared to be randomly
generated,” the agency explained.
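The pattern the notice describes (many one-off queries for non-existent, random-looking subdomains arriving through recursive resolvers) can be checked per time window in authoritative DNS query logs. The following sketch is an added example, not taken from the FBI notice or the article; the log line format, zone name and thresholds are assumptions, and the sample log is constructed.

```python
# Added example: flag a Pseudo Random Subdomain (PRSD) pattern in DNS query logs.
# Assumed log line format: "<epoch> <resolver_ip> <qname> <rcode>".
import hashlib
import math
from collections import Counter, defaultdict

ZONE = "vote.example."          # placeholder zone, not from the article
WINDOW = 180                    # seconds; the article's sample covered three minutes

def label_entropy(label):
    """Shannon entropy (bits per character) of a DNS label."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def prsd_windows(lines, min_unique=50, min_ratio=0.8, min_entropy=2.5):
    """Return {window_start: stats} for windows that look like PRSD traffic."""
    windows = defaultdict(list)
    for line in lines:
        ts, src, qname, rcode = line.split()
        qname = qname.lower()
        if qname.endswith("." + ZONE):
            windows[int(ts) // WINDOW * WINDOW].append((src, qname, rcode))
    flagged = {}
    for start, rows in windows.items():
        per_name = Counter(q for _, q, _ in rows)
        nx = {q for _, q, r in rows if r == "NXDOMAIN"}
        # Names asked exactly once that do not exist: the article's 956-of-1,020 signal.
        single_nx = [q for q, n in per_name.items() if n == 1 and q in nx]
        ratio = len(single_nx) / len(per_name)
        labels = [q[: -len(ZONE) - 1].split(".")[0] for q in single_nx]
        entropy = sum(map(label_entropy, labels)) / len(labels) if labels else 0.0
        if len(per_name) >= min_unique and ratio >= min_ratio and entropy >= min_entropy:
            flagged[start] = {"queries": len(rows), "unique": len(per_name),
                              "single_nx": len(single_nx),
                              "resolvers": len({s for s, _, _ in rows})}
    return flagged

def sample_log():
    """Constructed log: one quiet window, then one window of random-looking names."""
    lines = [f"{1000 + i} 192.0.2.{i % 3 + 1} www.{ZONE} NOERROR" for i in range(60)]
    for i in range(200):
        label = hashlib.sha256(str(i).encode()).hexdigest()[:16]
        lines.append(f"{1260 + i % 170} 198.51.100.{i % 24 + 1} {label}.{ZONE} NXDOMAIN")
    lines += [f"{1265 + i} 192.0.2.1 www.{ZONE} NOERROR" for i in range(20)]
    return lines

if __name__ == "__main__":
    for start, stats in sorted(prsd_windows(sample_log()).items()):
        print(start, stats)
```

Because the queries arrive through recursive resolvers, the per-window resolver count identifies the intermediaries, not the originating hosts.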
DDoS “attacks still remain a popular attack vector for criminals against organizations to remove the availability of their internet access and thus preventing people the ability to access their website. Since UDP is a connectionless protocol, it can easily be spoofed, which makes it an easy attack vector against the websites,” James McQuiggan, security awareness advocate at KnowBe4, said, explaining that the FBI recommendations in the PIN, which include implementing an incident response plan and enabling automated patches where possible, “are a good start for every organization to implement to protect against” DDoS attacks.
“I would expect that this type of attack is going to increase over time as the political scene ramps up
over this coming year,” said Jason Kent, hacker in residence at Cequence
Security. “I think the most important thing to understand is why the attack is
happening. Political motivation is a generalization, is someone trying to
destabilize or prevent our political system from working? Who benefits
from this? I would really like to follow the money and see what the
actual motivation is.”