FBI Outlines Technique Behind DDoS Attacks on US Voter Registration Website

Hackers who unleashed Distributed Denial of Service (DDoS) attacks on a state-level voter registration and voter information website in the US used a technique called Pseudo Random Subdomain Attack (PRSD), a form of attack that uses DNS queries for nonexistent and randomized subdomains, according to the FBI.


“The FBI received reporting indicating a state-level voter registration and voter information website received anomalous Domain Name System (DNS) server requests consistent with a Pseudo Random Subdomain (PRSD) attack,” notes a Private Industry Notification sent by the FBI and published by BleepingComputer.

“The requests occurred over the course of at least one month in intervals of approximately two hours, with request frequency peaking around 200,000 DNS requests during a period of time when less than 15,000 requests were typical for the targeted website.”

PRSD attacks can be dangerous if the DNS servers lack the tools to deal with such incidents. Fortunately, that wasn’t the case. The FBI said the DNS servers had rate-limiting algorithms in place, which help to filter incoming and outgoing traffic.

These types of DDoS attacks are used because they make it easier to obfuscate the source, as the queries can be routed through open proxies and botnets. On the other hand, it’s not that difficult to prepare for such an eventuality.
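As an added illustration (not taken from the FBI notification or the original post), the sketch below flags PRSD-like windows in a DNS query log by looking at the names being queried rather than at client IPs, since the sources are spread across proxies and botnets. The log line format, the thresholds, the zone name `vote.example` and the sample data are all assumptions constructed for the example.

```python
import hashlib
import math
from collections import Counter, defaultdict

def entropy(label):
    """Shannon entropy, in bits per character, of one DNS label."""
    return -sum(c / len(label) * math.log2(c / len(label)) for c in Counter(label).values())

def detect_prsd(lines, zone, window=60, min_queries=50,
                nx_ratio=0.8, unique_ratio=0.8, min_entropy=2.5):
    """Flag windows that look like a PRSD flood; returns [(window_start, stats)].
    Assumed log line: "<epoch> <client_ip> <qname> <rcode>". Thresholds are
    illustrative; tune them against your own baseline."""
    suffix = "." + zone.lower().rstrip(".")
    buckets = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, _client, qname, rcode = parts
        qname = qname.lower().rstrip(".")
        if not qname.endswith(suffix):
            continue  # zone apex or a different zone
        label = qname[:-len(suffix)].split(".")[0]  # leftmost label
        buckets[int(ts) // window * window].append((label, rcode))
    alerts = []
    for start, rows in sorted(buckets.items()):
        total = len(rows)
        if total < min_queries:
            continue  # too little traffic to judge
        nx = sum(rcode == "NXDOMAIN" for _, rcode in rows) / total
        uniq = len({label for label, _ in rows}) / total
        ent = sum(entropy(label) for label, _ in rows) / total
        if nx >= nx_ratio and uniq >= unique_ratio and ent >= min_entropy:
            alerts.append((start, {"queries": total, "nxdomain": round(nx, 2),
                                   "unique": round(uniq, 2), "entropy": round(ent, 2)}))
    return alerts

def constructed_sample(zone="vote.example"):
    """Constructed log lines: one normal minute, then one flood minute."""
    normal = [f"{t} 192.0.2.{t % 5 + 1} {('www', 'register', 'mail')[t % 3]}.{zone} NOERROR"
              for t in range(60)]
    flood = [f"{120 + i % 60} 198.51.100.{i % 250 + 1} "
             f"{hashlib.sha256(str(i).encode()).hexdigest()[:16]}.{zone} NXDOMAIN"
             for i in range(200)]
    return normal + flood

if __name__ == "__main__":
    print(detect_prsd(constructed_sample(), "vote.example"))
```

Only the flood minute is reported: it combines a high NXDOMAIN ratio, almost no repeated labels, and high per-label entropy, while the normal minute repeats a handful of existing names.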

The FBI advises institutions and companies to have an incident response plan, including a DDoS mitigation strategy, to keep all endpoints, hardware, and software up to date, and to closely maintain a timeline for the attacks. Of course, organizations in the United States are advised to contact the FBI in case of a DDoS attack.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Silviu STAHIE. Read the original post at: