HHS' Health Sector Cybersecurity Coordination Center is warning healthcare organizations to look out for flood distributed-denial-of-service attacks that could shut down their websites.
A trusted third party told HC3 that the fake domain name server requests have been targeting providers since at least November, according to the April 7 notice. The threat actors aim to overload servers with a large number of nonexistent or invalid requests, slowing down the websites.
HC3 provided these mitigation recommendations from cybersecurity company Netscout:
- Blackhole route or filter suspected domains and servers.
- Implement domain-name-server response rate limiting.
- Block requests from the client's IP address for a configurable period of time.
- Be sure that cache refresh takes place, ensuring continuous service.
- Lower the timeout for recursive name lookup to free up resources in the domain-name-service resolver.
- Increase the time-to-live on existing records.
- Apply rate-limiting on traffic to overwhelmed servers.