By Philippe Alcoy, Security Technologies for NETSCOUT
As organisations from around the world are considering the future of office versus remote working, the impact of the Covid-19 pandemic on businesses will remain front of the mind. Organisations have had no option other than to adapt to new working environments – and fast. Now, nearly a year and a half after the onset of lockdown restrictions, the benefits of remote work have become increasingly apparent and it is likely that pandemic-driven work-from-home measures are likely to be in place for the foreseeable future, even after the lifting of restrictions. Indeed, the French bank Société Générale and London-based HSBC are two of many organisations which have announced that employees will be able to continue working remotely, even once the Covid-19 crisis comes to an end.
Nevertheless, remote working is not ideal for all parts of the business. This massive shift in the way in which businesses operate has resulted in a significant increase in activity across the global threat landscape. Cybercriminals have pounced on vulnerabilities exposed by the rapid digital transformation of organisations and have weaponised attack vectors that exploit the weak spots of the ‘new normal’. With businesses using numerous Internet of Things (IoT) devices to access their businesses’ data across multiple networks, both private and public, cybercriminals have had an easier job when it comes to intercepting the connection. Organisations have had to increase security measures as a result.
The rise of DDoS attacks in a remote work world
One type of threat that has presented challenges to security professionals during the course of the pandemic is Distributed Denial-of-Service (DDoS) attacks. In its recently published Threat Intelligence Report – which examines the DDoS threat landscape during the second half of 2020 – NETSCOUT discovered that in 2020, the total number of global DDoS attacks exceeded 10 million for the first time ever. This meant that there were 1.6 million more DDoS attacks in 2020 than there were in 2019, representing a 22 per cent increase in frequency of attacks.
DDoS attacks are designed to exhaust the resources available to an application, network, or service to prevent genuine users from gaining access, providing a simple yet effective mechanism for crippling online infrastructure. The aim of those cybercriminals behind these increased DDoS attacks has been to take advantage of the new reliance on online working, with access to online infrastructure being more important than ever due to remote working and learning. Evidence of this can be seen with internet publishing and broadcasting, a sector inhabited by Zoom and other video conferencing tools, appearing fourth in the top 10 most-attacked vertical industries for the first time ever. This demonstrates how threat actors have adjusted their targets to cause maximum disruption.
As the world continued to lean more heavily on pandemic-era mainstays such as online streaming, e-commerce, cloud, and online learning, attackers followed. For example, there were over 18,000 attacks against the education industry globally in the latter half of the year, while e-commerce also found itself on the receiving end of an increased number of DDoS attacks. This resulted in both industries being in the top 10 most targeted vertical industries in the latter half of 2020. This is not a surprise, especially when considering the rapid growth in both e-commerce and online learning since the start of the COVID-19 pandemic.
With DDoS attacks still on the rise – and with some form of remote working likely to be in place for the foreseeable future – the risk posed to businesses that are not prepared is significant. These attacks have the capacity to destroy large swathes of a business’ online infrastructure and services. As such, it is vital that organisations have plans in place prior to an attack in order to protect these key components.
How can organisations defend themselves from cybercriminals?
Despite the majority of organisations currently operating a remote working model, there are a number of things that businesses can do to protect themselves from DDoS attacks. Firstly, those businesses that have adequately prepared to protect their online infrastructure have experienced a very limited number of issues with regards to DDoS attacks. Even though cybercriminals have shown their effectiveness in the last year, the DDoS attack vectors and targeting methods that they are utilising are well known and, providing that your organisation has standard, effective DDoS protection in place, can be easily mitigated.
Moreover, organisations must ensure that their DDoS attack response process is fully customised to properly support the specific software environment and IT team. This is because remote working changes the variables when it comes to how attacks can take place, as well as the response from your team. Businesses will need to re-examine and update their DDoS attack response process by working with cybersecurity experts to identify which points of the online infrastructure are now more vulnerable to DDoS attacks, and how security can be improved. Subsequently, organisations should periodically test out this new response system. This ensures that if a DDoS attack does take place, then the reaction to the attack would be appropriate and effective. It will also allow any changes to organisations’ infrastructure to be incorporated into the response process.
Furthermore, having an on-demand DDoS attack expert is also something that organisations should consider. By making use of a DDoS expert, businesses will be able to navigate unfamiliar events and situations, which can prove to be extremely beneficial for both the company and the team. Due to the many changing variables that are currently in place, an expert can help a business to improve its success rate when it comes to mitigating a DDoS attack.
With a number of organisations likely to implement a hybrid working model in the coming months, it is vital that businesses ensure that both their corporate office and the home offices of employees are adequately protected from the threat posed by DDoS attacks. As such, it is wise for all businesses to invest in strong and effective DDoS protection.