DDoS attacks on VPN servers can not only bring remote work to a standstill but also cut off admins from accessing their systems. Here are three ways to stay safer.
Operational continuity is crucial for organizations at the best of times — and right now, we’re a long way from the best of times. The evolving COVID-19 pandemic has introduced extraordinary challenges for individuals and organizations alike, and retaining a semblance of normality amid the mass shift to home working and online service delivery is proving to be an uphill struggle for many businesses.
A crucial part of ensuring operational continuity, or something close to it, throughout the pandemic is cyber resilience — that is, being able to ensure continuity of digital services, from the applications and data that employees need to carry out their duties from home to any customer-facing elements such as e-commerce websites and mobile apps.
But how is the pandemic affecting organizations’ cyber resilience — and how can they meet the challenge head on, to mitigate the risks to their business?
Cyber Resilience Is Multifaceted
Cyber resilience is not only about ensuring that key digital systems and applications continue to be operational. It is about protecting those systems and applications from malicious interference, whether because of digital vandalism or more sophisticated attempts to infiltrate the organizational infrastructure and steal data.
It is also about protecting the organization’s online reputation, ensuring that damaging or untrue news stories do not proliferate across social media. The unfolding coronavirus pandemic is having a dramatic impact on organizations’ ability to manage all three of these aspects.
VPN Access Turns into a Bottleneck
Operational availability of core systems and applications has been challenged by the drastic change in working circumstances to which most organizations must adapt. The shift to home working has required organizations to deploy new collaboration and conferencing tools, organize new cloud service delivery models and perhaps secure VPN access for staff working from home, and even get new hardware out to remote staff. This is costly and complex.
Meanwhile, many of the organizations supplying such services have had to rapidly reorganize in order to ensure continuity of service amid huge spikes in demand.
That migration to remote working and reliance on using VPNs also elevates cyber-risk. “With these systems now categorized as critical, the ‘expected business impact’ of an attack substantially increased, driving up overall business risk,” says Andy Shoemaker, founder and CEO of NimbusDDoS, a Boston-based pen-testing provider.
If the organization’s VPN server is attacked, it affects everything: not just the remote workers trying to access corporate resources but also network admins working remotely. The attack could lock them out of management consoles, meaning they are unable to make network changes to remediate the problem. In this scenario, having to scramble a member of the IT team to headquarters to start redirecting IP traffic could easily mean hours of downtime and disruption. Put simply, the remote access capability that is keeping the business going has also become a single point of failure.
“Pathways into the infrastructure are substantially reduced, and it’s possible you may lose access completely during an attack,” Shoemaker says. “Also, incident response processes are usually designed based on assumptions regarding staff availability and system access. If these are impacted seriously, as they have been during the pandemic, then the procedures themselves can break down, further extending downtimes. Especially during periods of financial hardship, a person with the skills to perform a DDoS attack may be compelled to engage in extortion-motivated DDoS attacks.”
Attacks Are Up 30%
It’s no surprise that organizations have noted a substantial increase in the volume and type of cyberattacks being leveled at businesses, many seeking to capitalize specifically on fear and uncertainty around the virus. Link11 has witnessed a notable 30% increase in the volume of DDoS attacks defended against from February 17 to March 9 compared with the same period in 2019 (disclosure: I’m the COO of Link11). Other organizations have reported similar increases. Some of these may well be motivated by extortion or revenge — especially as the pandemic has meant many organizations have made employees redundant or furloughed staff.
Alongside DDoS attacks, ransomware is proving particularly effective, as phishing emails and messages exploit very real desires for information and advice related to the pandemic.
And of course, should a business fall victim to any such attack, the potential reputational risk remains. Bad news travels fast online — particularly with so many people working from home and trawling news and social media sites.
How to Build and Maintain Cyber Resilience
Today, most organizations operate fragmented IT landscapes comprising on-premises equipment and a growing number of workloads hosted in private and public clouds. To ensure a holistic security layer across these complex, hybrid environments, organizations should follow these steps:
1. Act, don’t react.
Cyberattacks rarely occur in isolation. Organizations that experience DDoS attacks often also report theft of intellectual property, customer data, financial assets, or other resources. Criminals will often launch a DDoS attack against one part of an organization to divert attention from a hacking attempt or malware infection elsewhere. Therefore, comprehensive DDoS mitigation should be a key part of an organization’s defenses.
2. Have a shield in the cloud.
To deliver that protection, all traffic to the organization’s website and resources should be routed via an external cloud service that uses algorithms and machine learning techniques to identify and filter out malicious traffic instantly, before it reaches critical services. This means the organization’s IT and security teams cannot be distracted by a diversionary DDoS attack, leaving them free to focus on blocking stealthy, targeted attacks.
3. Protect your APIs.
These stealthy attacks include targeting web applications and the APIs they use, with the aim of exfiltrating data. Criminals are increasingly looking to exploit these because they typically have low levels of protection and monitoring. They’re also the weakest link within the IT value chain and can easily bring operations to a halt when they are flooded. Victims of this type of attack include a leading credit-checking agency, where the breach resulted in over a million consumer records being stolen. Organizations should assess the risk exposure of their web applications and APIs, deploy automated solutions that can dynamically adapt to new threats, and block attacks before they can reach the application itself, to help stop breaches from happening.
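As an added example, not taken from the article or from any Link11 product, the following shows the kind of per-source rate check a monitoring layer can run over API or VPN access logs to spot a flooding source before it halts the service. The log format and the IP addresses are constructed for illustration; the window and threshold values are assumptions to tune per environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timezone

TS_FMT = "%Y-%m-%dT%H:%M:%S.%fZ"


def _stamp(epoch):
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime(TS_FMT)


def build_sample_log():
    """Constructed API access log (the format is an assumption, not any vendor's).
    203.0.113.5 hammers the login endpoint: 120 requests in 12 seconds.
    Two other sources make a handful of ordinary requests in the same period."""
    base = datetime(2020, 3, 9, 10, 0, 0, tzinfo=timezone.utc).timestamp()
    lines = [f"{_stamp(base + i / 10)} 203.0.113.5 POST /api/v1/login 401"
             for i in range(120)]
    lines += [f"{_stamp(base + 2 * i)} 198.51.100.20 GET /api/v1/orders 200"
              for i in range(6)]
    lines += [f"{_stamp(base + 1 + 3 * i)} 198.51.100.21 GET /api/v1/profile 200"
              for i in range(4)]
    return lines


def parse_line(line):
    """'<timestamp> <source-ip> <method> <path> <status>' -> (epoch, ip, method, path, status)."""
    ts, ip, method, path, status = line.split()
    epoch = datetime.strptime(ts, TS_FMT).replace(tzinfo=timezone.utc).timestamp()
    return epoch, ip, method, path, int(status)


def detect_floods(lines, window_seconds=10, threshold=50):
    """Return {source_ip: peak} for every source whose request count inside any
    sliding window of `window_seconds` exceeds `threshold`; peak is the largest
    count seen. Events are sorted first because real logs arrive only near-ordered."""
    events = sorted(parse_line(l) for l in lines)
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    peak = defaultdict(int)
    for epoch, ip, *_ in events:
        q = recent[ip]
        q.append(epoch)
        while epoch - q[0] > window_seconds:  # drop requests that have aged out
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > threshold}


if __name__ == "__main__":
    for ip, n in detect_floods(build_sample_log()).items():
        print(f"flood candidate {ip}: {n} requests within a 10 s window")
```

The two ordinary sources never exceed the threshold, so only the login flood is reported; a scrubbing layer would rate-limit or drop that source while the rest of the traffic continues to flow.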
This “new normal” that we are all experiencing will only be temporary. But the positive impacts of putting such protections in place could last a lifetime.