With National Cybersecurity Month continuing in earnest, there continue to be many excellent conversations on how to best create and maintain a robust cybersecurity policy. A key concern that has taken on new importance during the COVID-19 pandemic is the ability of DDoS attacks to shutter critical infrastructure. Chief among these targets are hospitals and government organizations, both of which rely on constant and reliable operation to function effectively or even at all. Both have also embraced the digital transformation of work and transitioned to using solutions that have enabled workers to operate at home, including a VPN or a remote access point.
The unfortunate reality of these attacks is that the very changes made to make work efficient during the pandemic have presented bad actors with significant vulnerabilities to exploit. According to NETSCOUT’s 1H 2021 Threat Intelligence Report, more than “41,000 DDoS attacks were levied last year” against VPNs, which comprise one of the fundamental solutions many organizations are using. Since the hybrid work model appears to be the new normal, government organizations must work to understand why these actors are targeting their VPNs and, more importantly, how to stop them.
This was the crux of a recent blog from NETSCOUT which outlined a number of ways for these entities to first address the needs and solutions which require VPNs and other similar systems, and what they can do to create a more effective cybersecurity paradigm.
Severing a Needed Connection
As the pandemic has forced companies to support work-from-home (WFH) and other remote-work initiatives, those enterprises increasingly have turned to VPNs to link remote workers to corporate resources. At the same time, cyberattackers have increased DDoS attacks against VPNs—for several reasons.
Such attacks disconnect users from their organization’s online assets, and they also serve to prevent security teams from responding to these and other types of cyberattacks. But the pandemic also forced enterprises to expand digital services to customers and vendors, massively expanding the potential impact of an attack against the corporate VPN.
According to NETSCOUT’s Worldwide Infrastructure Security Survey (WISR), cybercriminals know that corporations are more exposed while employees are working remotely, which provides the only motivation they need to launch targeted DDoS attacks against VPNs and other stateful devices. 83 percent of WISR enterprise respondents reported that DDoS attacks targeting firewalls and/or VPN devices contributed to a service outage—an increase of 21 percent from 2019.
The Solution: Intelligent, Stateless Mitigation
The only way to stop DDoS attacks against enterprise VPNs is to implement an intelligent DDoS mitigation solution that operates in a stateless or semi-stateless manner and has the following features:
- Predominantly uses stateless packet processing technology.
- Uses an ephemeral challenge to determine the legitimacy of the connection when stateful inspection is required.
- Is deployed on customer premises, northbound of the firewall, VPN gateway, and other stateful devices.
- Integrates easily into the cybersecurity stack.
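To make the "ephemeral challenge" idea concrete, here is an added sketch (not NETSCOUT's implementation and not code from the original article) of a SYN-cookie-style challenge, one common way to test a source's legitimacy without keeping per-connection state. The function names, the demo key, the 30-second window and the 8-byte cookie length are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct
import time

SECRET = b"constructed-demo-key"  # constructed value; a real device would rotate this
WINDOW = 30                       # seconds per time bucket (assumed)


def _mac(src_ip, src_port, bucket):
    # Bind the cookie to the claimed source address, port and time bucket.
    msg = ipaddress.ip_address(src_ip).packed + struct.pack("!Hq", src_port, bucket)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:8]


def issue_challenge(src_ip, src_port, now=None):
    """Compute the cookie sent back to the claimed source. Nothing is stored."""
    now = time.time() if now is None else now
    return _mac(src_ip, src_port, int(now // WINDOW))


def verify_response(src_ip, src_port, cookie, now=None):
    """Recompute the cookie for the current and previous bucket and compare."""
    now = time.time() if now is None else now
    bucket = int(now // WINDOW)
    return any(
        hmac.compare_digest(cookie, _mac(src_ip, src_port, b))
        for b in (bucket, bucket - 1)
    )


if __name__ == "__main__":
    t0 = 1_000_000.0  # constructed timestamp
    cookie = issue_challenge("198.51.100.7", 40000, now=t0)
    # A real client receives the cookie and echoes it back.
    print(verify_response("198.51.100.7", 40000, cookie, now=t0 + 10))
    # A spoofed source never receives the cookie, so it can only guess.
    print(verify_response("203.0.113.9", 40000, bytes(8), now=t0 + 10))
    # A cookie echoed after its window is rejected.
    print(verify_response("198.51.100.7", 40000, cookie, now=t0 + 90))
```

Each check costs one HMAC and no table entry, so a flood of unanswered challenges cannot exhaust memory on the mitigation device the way it exhausts the state table of a firewall or VPN gateway behind it.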