FBI: Hacktivist DDoS attacks had minor impact on critical orgs

The Federal Bureau of Investigation (FBI) said on Friday that distributed denial-of-service (DDoS) attacks coordinated by hacktivist groups have a minor impact on the services they target.

As the law enforcement agency explained in a private industry notification issued today, this happens because they target public-facing infrastructure like websites instead of the actual services, leading to limited disruption.

"Coinciding with the Russian invasion of Ukraine, the FBI is aware of Pro-Russian hacktivist groups employing DDoS attacks to target critical infrastructure companies with limited success," the agency said.

"These attacks are generally opportunistic in nature and, with DDoS mitigation steps, have minimal operational impact on victims; however, hacktivists will often publicize and exaggerate the severity of the attacks on social media. 

"As a result, the psychological impact of DDoS attacks is often greater than the disruption of service."

Such groups commonly target high-profile or critical infrastructure organizations like financial institutions, emergency services, airports, and government, health, and medical facilities.

By taking down their websites, the hacktivists aim to increase their credibility and "falsely assert greater impact or disruption than what occurred."

DDoS attacks on critical and govt organizations in the U.S.

In one recent example of such an incident, the pro-Russian hacktivist group KillNet claimed an attack against the websites of several major airports across the U.S.

The DDoS attacks overwhelmed the servers hosting these sites, making it impossible for travelers to book airport services or get updates about their scheduled flights.

Notable examples of airport websites inaccessible during the incident included:

• The Hartsfield-Jackson Atlanta International Airport (ATL), one of the country's more significant air traffic hubs in U.S.
• The Los Angeles International Airport (LAX)
• The Chicago O'Hare International Airport (ORD)

While these DDoS attacks had no impact on flights, they still had an adverse effect on a crucial economic sector, delaying associated services.

One week before, the same group also attacked U.S. government websites in Colorado, Kentucky, and Mississippi, with moderate success, knocking some of them offline for a short time.

Killnet also claimed to have taken down CISA's Protected Critical Infrastructure Information Management System website on Friday after its attacks on the U.S. Treasury in early October were thwarted before affecting the agency's infrastructure.

A week ago, CISA, the FBI, and MS-ISAC published a joint advisory to provide defenders with info on reducing the likelihood and impact of DDoS attacks.