By Philippe Alcoy, Security Technologies for NETSCOUT
Mostly, when thinking of cyberattacks, we consider those launched against specific organisations, such as networks and service providers. However, a new major target for attackers has emerged recently – the connectivity supply chain.
The connectivity supply chain is the moniker assigned to the services and technologies which underpin organisations and enable employees to remain connected to the internet. This includes services capable of moving resources to the cloud, as well as those supporting interconnected devices, including enterprise Internet of Things (IoT), mobile phones and computers.
In light of the increased dependence on online services, threat actors have zeroed in on attempting to disrupt them. Attackers have been targeting the operational infrastructure of organisations, in addition to their customers and subscribers, for years. However, the significant increase in cyberattacks – particularly distributed denial-of-service (DDoS) attacks – since the start of the Covid-19 pandemic isn’t an accident.
Weak links in the connectivity supply chain
As can be seen in NETSCOUT’s Threat Intelligence Report, service providers that supply connectivity were heavily targeted by threat actors in the first half of 2021, comprising four of the top 10 vertical sectors on the receiving end of DDoS attacks. Wired telecom carriers took the top spot, with over 280,000 attacks. Wireless providers came in at third (84,151 attacks), while other telecommunication carriers (14,628 attacks) and telecom resellers (2,175 attacks) were seventh and ninth respectively.
One of the areas of particular concern in the connectivity supply chain is virtual private networks (VPNs). As the pandemic compelled enterprises to support remote-work measures, organisations began to use VPNs to link corporate resources and remote workers to one another. The use of VPNs soared as a result. Simultaneously, there was a rise in DDoS attacks against VPNs, with more than 41,000 attacks launched against the stateful devices in the first six months of 2021.
According to NETSCOUT’s Worldwide Infrastructure Security Survey (WISR), threat actors were aware that enterprises were far more vulnerable to cyber threats while operating remotely, which provided the only motivation they required to level DDoS attacks against VPNs. The surge in VPN usage allowed threat actors to disconnect users from organisational assets and impeded security teams from responding to attacks, as was the case with the Lazarus Bear Armada (LBA) DDoS extortion campaign.
Further to this, another weak link in the connectivity supply chain is the set of databases that store internet domain names and translate them into IP addresses – known as the Domain Name System (DNS). Around 4,000 DDoS attacks were launched against these systems in the first half of 2021. This represents a major problem for enterprises while they are operating remotely, because when DNS systems are offline, websites suffer from connection and timeout problems.
Additionally, Internet Service Providers (ISPs) represent another area which enterprises should look to defend from DDoS attacks. ISPs, which provide businesses and consumers with internet connections and services, were on the receiving end of more than 1,000 DDoS attacks from January to June 2021.
For example, in May 2021, Belgian ISP Belnet was bombarded by multiple DDoS attacks that caused a widespread internet outage in the country, disrupting more than 200 organisations, including government, healthcare, and academic institutions. This illustrates how impactful such DDoS attacks can be on enterprises, governments and other organisations.
Perhaps the most important element of DDoS attacks on these vital components of connectivity is the collateral damage that these attacks can cause. Irrespective of whether or not attacks take the element completely offline, these services still represent millions of consumers and users, acting as gateways for all online activities.
The chance to disrupt an organisation’s entire online infrastructure, not to mention the possibility of playing havoc with a raft of individuals and service providers, is too good an opportunity for cybercriminals to pass up. The combination of these weak links has made the connectivity supply chain a very appealing target for threat actors.
How to defend this vital business artery from cyberattacks
Service providers and organisations can take a number of steps to prevent DDoS attacks from devastating the connectivity supply chain and to protect this vital business artery from cybercriminals.
Firstly, and most importantly, it’s pivotal for organisations to invest in a robust DDoS mitigation system. For example, in a scenario in which a business with a strong DDoS defence system is the target of a DDoS attack, they need not worry about their online infrastructure as the system is able to defend it in an effective manner. This provides enterprises with full confidence in the DDoS protection system’s ability to block an attack and prevent it from having potentially serious consequences.
Adding to this, service providers and organisations with business-critical public-facing internet properties must ensure compliance with industry best current practices (BCPs). This includes complying with situationally specific network access policies that permit internet traffic solely through required IP protocols and ports.
What’s more, regular testing of this infrastructure should take place, so as to ensure that any alterations made to applications, servers and services are incorporated into the DDoS mitigation strategy. In order to optimise DDoS protection, enterprises operating mission-critical, public-facing internet properties should include all online infrastructural elements in regular and realistic tests of the DDoS mitigation plan. This ensures DNS and application servers, in addition to other key features of the connectivity supply chain, will be largely unaffected should an organisation be targeted by a DDoS attack.
Increases in attacks against these suppliers of connectivity have coincided with more attacks against the organisations that utilise them. This has been especially true since the beginning of the pandemic, which caught enterprises off guard, forcing them to support remote-working initiatives much faster than ever anticipated. As such, it’s vital for enterprises to take the necessary steps to protect the vital business artery that is the connectivity supply chain from cyberattacks.