The US Federal Bureau of Investigation (FBI) warned of a potential Distributed Denial of Service (DDoS) attack that targeted a state-level voter registration and information site in a Private Industry Notification (PIN) released today.

"The FBI received reporting indicating a state-level voter registration and voter information website received anomalous Domain Name System (DNS) server requests consistent with a Pseudo Random Subdomain (PRSD) attack," according to the FBI PIN seen by BleepingComputer.

PRSD attacks are a type of DDoS attack used by threat actors to disrupt DNS record lookups by flooding a DNS server with large numbers of DNS queries for non-existent subdomains.

The FBI says that the state voter registration website was not affected by the DDoS siege due to properly set up rate-limiting on the target's DNS servers.

DDoS attack details

A high volume of DNS requests consistent with a PRSD DDoS attack hit the DNS server of the voter registration website over a month, with short periods of time where the amount of DNS requests increased tenfold.

"The requests occurred over the course of at least one month in intervals of approximately two hours, with request frequency peaking around 200,000 DNS requests during a period of time when less than 15,000 requests were typical for the targeted website," the FBI explains.

"The DNS requests had source IP addresses belonging to recursive DNS servers, obfuscating the originating host(s) or attacker, and were largely for non-existent subdomains of the targeted website.

During a sample three minute window, 24 IP addresses used by recursive DNS servers made 2,121 DNS requests.

A small sample of the DNS request traffic contained roughly 1,020 requests for unique subdomains, of which 956 were single requests for non-existent subdomains which appeared to be randomly generated."

The FBI also shared a number of examples of requests for nonexistent subdomains seen in the attack, all of them sharing the same keyword added to the target domain.
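The pattern the FBI describes (queries arriving from many recursive resolvers, mostly for non-existent names, each requested only once) can be checked per time window in DNS server logs. The following Python is an added example, not code from the PIN or the original article; the record layout, function names, thresholds and the vote.example zone are assumptions.

```python
import hashlib
from collections import Counter, defaultdict

def prsd_windows(records, zone, window_s=180, min_queries=100,
                 nx_ratio=0.5, single_ratio=0.8):
    """Return per-window stats for `zone`, flagging windows that look like PRSD.

    records: iterable of (epoch_seconds, resolver_ip, qname, rcode).
    Thresholds are illustrative assumptions, not values from the FBI PIN.
    """
    zone = zone.lower().rstrip(".")
    buckets = defaultdict(list)
    for ts, src, qname, rcode in records:
        name = qname.lower().rstrip(".")
        # Match the zone apex or a true subdomain, not a lookalike suffix.
        if name == zone or name.endswith("." + zone):
            buckets[int(ts) // window_s * window_s].append((src, name, rcode))
    out = []
    for start in sorted(buckets):
        rows = buckets[start]
        counts = Counter(name for _, name, _ in rows)
        nx_names = {name for _, name, rc in rows if rc == "NXDOMAIN"}
        nx_queries = sum(1 for _, _, rc in rows if rc == "NXDOMAIN")
        # Non-existent names asked for exactly once: the PRSD signature.
        single_nx = sum(1 for n in nx_names if counts[n] == 1)
        stats = {
            "start": start,
            "queries": len(rows),
            "resolvers": len({src for src, _, _ in rows}),
            "unique_names": len(counts),
            "nx_fraction": nx_queries / len(rows),
            "single_nx_fraction": single_nx / len(counts),
        }
        stats["suspect"] = (stats["queries"] >= min_queries
                            and stats["nx_fraction"] >= nx_ratio
                            and stats["single_nx_fraction"] >= single_ratio)
        out.append(stats)
    return out

def constructed_sample(zone="vote.example"):
    """Constructed log: one quiet window, then one flooded with random labels."""
    quiet = [(1000 + i, "192.0.2.10", f"www.{zone}", "NOERROR") for i in range(40)]
    flood = [(1260 + i % 180, f"198.51.100.{i % 24}",
              f"{hashlib.sha256(str(i).encode()).hexdigest()[:12]}.{zone}", "NXDOMAIN")
             for i in range(900)]
    return quiet + flood
```

Calling `prsd_windows(constructed_sample(), "vote.example")` returns one entry per three-minute window; a window marked `suspect` is a candidate for review against the server's rate-limiting configuration.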

DDoS mitigation measures

The FBI also provided potential targets with a series of precautionary measures to be taken to successfully mitigate DDoS attacks including but not limited to:

• Implement an incident response plan, including a DDoS mitigation strategy, and practice this plan prior to an actual incident.

• If the incident response plan involves external organizations, ensure the appropriate contacts with the external organizations are established prior to an incident.

• Enable automated patches for your operating system, Web browser(s), and software to the extent possible. When necessary, manually apply as soon as possible.

• Maintain a timeline of attacks, recording all relevant details.

The DHS Cybersecurity and Infrastructure Security Agency (CISA) also provides DDoS guidance, with details on how to avoid becoming a DDoS victim, how to know if an attack is happening, and what to do when you are experiencing an attack.

The FBI also encouraged PIN recipients to report any related suspicious activity to their local FBI field office or to file an online complaint with the Internet Crime Complaint Center.

Previous FBI alerts

In January, the FBI issued a flash security alert with additional IOCs and TTPs from recent defacement attacks operated by Iranian threat actors, as well as one regarding state-backed actors that hacked a US municipal government and a US financial entity by exploiting a Pulse Secure VPN server flaw.

On the same day, the FBI also notified private industry partners that nation-state threat actors were able to breach two other US municipalities by abusing the CVE-2019-0604 SharePoint vulnerability per ZDNet.

A Private Industry Notification (PIN) from November 2019 released by the FBI Cyber Division warned of cyberattacks against the US automotive industry with the end goal of stealing sensitive corporate and enterprise data.

The FBI's Internet Crime Complaint Center (IC3) also published a public service announcement (PSA) in October about the increasing number of high-impact ransomware attacks targeting U.S. organizations.