US Healthcare Websites Under Attack With Fake Requests – HC3


The Health Sector Cybersecurity Coordination Center (HC3), part of the US Department of Health and Human Services, has issued a warning to healthcare organisations that a large flood of distributed denial of service (DDoS) attacks could take their websites offline.

A third party shared the information about these DDoS attacks with HC3; the attacks have been observed since November 2022. According to the alert, they flood servers and networks with fake domain names and DNS requests for non-existent domains.

According to HC3, a DNS non-existent domain DDoS attack is one of several denial-of-service attacks that target DNS. Its aim is to overload the DNS server with a high volume of requests for names that are invalid or do not exist.

In this kind of DDoS, the DNS server spends its time searching for names that do not exist instead of answering legitimate user requests. As the volume of invalid requests grows, the server slows down and legitimate requests stop receiving responses; legitimate clients still trying to reach the website then add even more load. In most cases, HC3 notes, both the DNS proxy server and the DNS authoritative server end up spending all their time handling these bad requests.

When successful, these attacks increase resource utilisation on the server and fill its cache with non-existent domain replies. The website can slow down or stop authorised users from accessing or using its services.

Like other DDoS attacks, these are carried out by large botnets of thousands of compromised devices located around the world, which makes detection and blocking very difficult. As a result, non-existent domain DDoS attacks can negatively affect network providers, end users and, of course, website owners.

If network providers are unable to mitigate or control the attack, their customers will be unable to reach the website and therefore its services.

HC3 therefore urges organisations to be careful when blocking IPs, as doing so could prevent legitimate users from accessing public services. According to HC3, a number of recommended actions and mitigations are available for DNS non-existent domain flood DDoS attacks.

These recommendations include blackhole routing or filtering of suspected domains and servers, implementing DNS Response Rate Limiting, blocking requests from the offending client IP addresses, ensuring caches are refreshed, and maintaining continuity of services.
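To make the mechanism above and HC3's caveat about blocking IPs concrete, here is an added Python example (not from HC3 or this article) that scans resolver answer logs for clients receiving almost nothing but NXDOMAIN answers, and separately counts NXDOMAIN answers per zone so a flood spread thinly across a botnet is still visible. The log format, IP addresses, hostnames and thresholds are all constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed resolver answer log (not from HC3 or any real server), time-ordered:
# "<ISO timestamp> <client IP> <qname> <rcode>"
SAMPLE_LOG = """\
2022-11-15T10:00:00 203.0.113.7 www.example-hospital.test NOERROR
2022-11-15T10:00:01 198.51.100.9 k3x9q.example-hospital.test NXDOMAIN
2022-11-15T10:00:01 198.51.100.9 a7fzp.example-hospital.test NXDOMAIN
2022-11-15T10:00:02 203.0.113.7 wwww.example-hospital.test NXDOMAIN
2022-11-15T10:00:02 198.51.100.9 q0m2d.example-hospital.test NXDOMAIN
2022-11-15T10:00:02 198.51.100.9 zz81h.example-hospital.test NXDOMAIN
2022-11-15T10:00:03 203.0.113.7 portal.example-hospital.test NOERROR
2022-11-15T10:00:03 198.51.100.9 p4c7r.example-hospital.test NXDOMAIN
2022-11-15T10:00:04 198.51.100.9 hd9lw.example-hospital.test NXDOMAIN
2022-11-15T10:00:05 203.0.113.7 mail.example-hospital.test NOERROR
"""

def parse_line(line):
    """Split one log line into (datetime, client, qname, rcode)."""
    ts, client, qname, rcode = line.split()
    return datetime.fromisoformat(ts), client, qname, rcode

def find_nxdomain_floods(log_text, window_seconds=60, min_nxdomain=5, min_ratio=0.8):
    """Return {client: (nxdomain, total)} for clients that received at least
    min_nxdomain NXDOMAIN answers inside one window, making up at least min_ratio
    of their answers there; the ratio keeps a user who mistyped one name off the list."""
    recent = defaultdict(deque)  # client -> (datetime, rcode) still inside the window
    flagged = {}
    for line in log_text.splitlines():
        ts, client, _qname, rcode = parse_line(line)
        q = recent[client]
        q.append((ts, rcode))
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()  # expire answers older than the window
        nx = sum(1 for _, rc in q if rc == "NXDOMAIN")
        if nx >= min_nxdomain and nx / len(q) >= min_ratio:
            if client not in flagged or nx > flagged[client][0]:
                flagged[client] = (nx, len(q))  # keep the worst observation
    return flagged

def nxdomain_by_zone(log_text):
    """Count NXDOMAIN answers per parent zone across all clients, so a flood
    spread over many bots still shows up as one zone under pressure."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        _ts, _client, qname, rcode = parse_line(line)
        if rcode == "NXDOMAIN":
            counts[qname.split(".", 1)[1]] += 1  # strip the leftmost label
    return dict(counts)
```

The report is intended to feed a review or rate-limiting decision rather than automatic IP blocking, for the reason HC3 gives about cutting off legitimate users.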