As we’ve discussed previously on the GovSecurityHub, the response to the COVID-19 pandemic and the resulting stay-at-home orders have resulted in more people working from home. This has led to a drastic increase in corporate VPN use over the past few months. With a more remote workforce and an increasing reliance on VPN and virtual desktop infrastructure, companies need to be more wary of a DDoS attack than ever before.
Although DDoS attacks are nothing new, having an entire workforce that needs to connect to all of their corporate resources via VPN makes them an even more attractive and even more disruptive target for malicious actors.
What would be a disruptive, yet manageable, attack during normal times has become a crippling hit that could bring all work to a standstill during this global pandemic.
And this isn’t a problem that’s only facing public companies and enterprises. Even the military, government agencies and government contractors are becoming targets for malicious actors that recognize the opportunity in front of them. “Our adversaries in cyberspace know that we’re doing business differently,” Rear Admiral Kathleen Creighton, the Navy Cyber Security Division Director, remarked in a recent interview on the subject.
As a result, the sheer number of DDoS attacks attempted against VPNs has skyrocketed.
“In March, we saw one of the busiest months [for DDoS attacks] on record, and we’ve been doing this for over 12 years,” Tom Bienkowski, Director of Product Marketing at NETSCOUT, remarked in a recent webinar. “And then we got into April.”
Pointing to NETSCOUT’s recently released Cyber Threat Horizon, Bienkowski showed that the past two months have seen a 24 percent increase in DDoS attacks in contrast to the time before COVID-19 forced organizations to transition to remote work.
What makes this threat even more hazardous is the ease with which some VPNs can be denied. “It doesn’t take much to knock [VPNs] over,” Bienkowski elaborated, because companies’ VPNs are working at capacity since so many more people than usual are using them.
To better illustrate what this growing number of attacks would look like when it hits the network, Bienkowski outlined the three types of multivector DDoS attacks that pose a threat to a VPN and, by extension, a company’s productivity writ large:
Volumetric Attacks
“This attack is designed to attack internet-facing circuits or consume bandwidth: either your load-bearing network or more importantly, your ISP’s network,” Bienkowski explained. By simply using up as much of your available bandwidth as possible, the malicious actor behind a volumetric attack looks to create congestion—a traffic jam—that slows down the movement of legitimate network activity, if it doesn’t stop it altogether.
TCP State-Exhaustion Attacks
Many devices in our networks, such as firewalls, load balancers, and VPN gateways, are stateful devices, meaning they have a finite state table running inside. This unfortunately makes them attack vectors, because “a TCP State-Exhaustion attack aims to fill that state table with bogus connections,” Bienkowski explained. And what’s more, these kinds of attacks can be powerful enough to topple even devices that are designed to maintain state on millions of connections at a time.
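As an added illustration (not from NETSCOUT or the original article), this Python example reads a snapshot of a stateful device's connection table and flags the two signals the paragraph above implies: a table close to its finite capacity, and a table dominated by connections that never completed the TCP handshake. The simplified conntrack-style line layout, the thresholds, the capacity value and all addresses are assumptions constructed for the example.

```python
import re
from collections import Counter

# Simplified conntrack-style layout (an assumption for this example):
#   tcp 6 <ttl> <STATE> src=<ip> dst=<ip> sport=<n> dport=<n>
ENTRY = re.compile(r"^tcp\s+6\s+\d+\s+(?P<state>[A-Z_]+)\s+src=\S+\s+"
                   r"dst=(?P<dst>\S+)\s+sport=\d+\s+dport=(?P<dport>\d+)")
HALF_OPEN = {"SYN_SENT", "SYN_RECV"}  # handshake never completed

def assess_state_table(snapshot, capacity, util_alert=0.80, half_open_alert=0.50):
    """Summarise one state-table snapshot and flag exhaustion pressure."""
    states, half_open_by_service, skipped = Counter(), Counter(), 0
    for line in snapshot.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            skipped += 1 if line.strip() else 0  # count unparsable lines
            continue
        states[m["state"]] += 1
        if m["state"] in HALF_OPEN:
            # Group by protected service, not by source: the source address
            # of a bogus connection may be forged.
            half_open_by_service[(m["dst"], int(m["dport"]))] += 1
    total = sum(states.values())
    half_open = sum(states[s] for s in HALF_OPEN)
    utilization = total / capacity
    ratio = half_open / total if total else 0.0
    reasons = []
    if utilization >= util_alert:
        reasons.append("table_near_capacity")
    if ratio >= half_open_alert:
        reasons.append("half_open_dominant")
    top = half_open_by_service.most_common(1)
    return {"total": total, "half_open": half_open, "skipped": skipped,
            "utilization": utilization, "half_open_ratio": ratio,
            "top_service": top[0] if top else None, "reasons": reasons}

def constructed_snapshot(established=3, half_open=6):
    """Build constructed sample entries (documentation address ranges)."""
    rows = [f"tcp 6 431000 ESTABLISHED src=10.8.0.{i} dst=192.0.2.10 "
            f"sport={50000 + i} dport=443" for i in range(1, established + 1)]
    rows += [f"tcp 6 55 SYN_RECV src=198.51.100.{i} dst=192.0.2.10 "
             f"sport={1024 + i} dport=443" for i in range(1, half_open + 1)]
    return "\n".join(rows + ["unparsable line"])

if __name__ == "__main__":
    print(assess_state_table(constructed_snapshot(), capacity=10))
```

Either signal on its own can be benign (a busy Monday morning fills the table; a brief network fault leaves half-open entries), so the example reports both and leaves the alerting policy to the operator.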
Application Layer Attacks
“This type of attack is designed to exhaust resources within the application itself, so loading up certain pages, requesting certain reads, certain writes, certain major database, anything that’s going to put load on the application server itself and potentially exhaust its resources,” Bienkowski said.
Indeed, these can actually be the most devastating kind of attacks since they can be very effective with as few as one attacking machine, compared to the myriad necessary for a volumetric or TCP State-Exhaustion attack.
“So any of these three vectors can essentially deny service, so that’s why they’re known as Distributed Denial of Service attacks,” Bienkowski concluded.
The ongoing COVID-19 pandemic has had a massive impact on how the government operates and how agencies and military organizations conduct business. The movement towards remote work hasn’t just impacted our ability to be together and collaborate face-to-face, it’s opened up new avenues in which malicious actors can grind operations to a halt. In this environment, productivity depends on a solid cyber defense.