Distributed DDoS attacks coordinated by hacker groups have had little impact on targeted services, the Federal Bureau of Investigation (FBI) said on Friday. This is because they target public infrastructure, such as websites, rather than actual services, causing limited disruption, as law enforcement explained in a private sector notice released today.

“Concurrently with Russia’s invasion of Ukraine, the FBI is aware that pro-Russian hacktivist groups have had limited success with DDoS attacks to target critical infrastructure companies,” the agency said.

“These attacks are often opportunistic in nature and have minimal operational impact on victims when DDoS mitigation steps are implemented; however, hackers often advertise and exaggerate the seriousness of attacks on social media.

“As a result, the psychological impact of DDoS attacks is often greater than that of a service failure.”

Such groups often target high-profile or critical infrastructure organizations such as financial institutions, emergency services, airports, government and healthcare facilities. Hacktivists are trying to increase their credibility by destroying websites and “falsely claim that the impact or disruption is greater than what happened”.

DDoS attacks on critical organizations and government agencies in the US

In a recent example of such an incident, the pro-Russian hacking group KillNet claimed to have hacked the websites of several major US airports. DDoS attacks have overwhelmed the servers hosting these sites, making it impossible for passengers to book services at the airport or receive updates about their scheduled flights.

Notable examples of airport websites that were closed at the time of the event include:

• Hartsfield-Jackson Atlanta International Airport (ATL) is one of the nation’s most important air traffic hubs in the United States.
• Los Angeles International Airport (LAX)
• Chicago O’Hare International Airport (ORD)

While these DDoS attacks did not affect flights, they had a negative impact on a key economic sector, disrupting related services. A week ago, the same group attacked US government websites in Colorado, Kentucky, and Mississippi with moderate success and briefly overthrew some of them.

Killnet also claimed that it shut down CISA’s Protected Critical Infrastructure Information Management System website on Friday after attacks on the U.S. Treasury Department in early October were blocked before they affected the institution’s infrastructure. A week ago, CISA, FBI, and MS-ISAC issued a joint recommendation to inform defenders on reducing the probability and impact of DDoS attacks. Source