COVID remote working used for devastating DDoS attacks


There’s been no shortage of disruption resulting from the COVID-19 pandemic. Unfortunately, cybercriminals are seizing on the turmoil to launch devastating new cyber attacks.

As more people than ever have been working from home due to coronavirus, making this the “new normal,” there has been a sharp spike in incidents such as Distributed Denial of Service (DDoS) attacks in an attempt to interrupt service for both large companies and individuals. Telework increases the importance of consistent network connectivity, and remote workers need access to the corporate environment. But this brings with it a raft of problems.

These new cyber attacks seize on vulnerabilities that accompany the sudden, unprecedented shift to remote working, a shift that left no long period of testing in which many of the processes could be properly put through their paces. COVID drove many organizations to rapidly switch from an office-based environment to having a predominantly (or even exclusively) remote workforce. Many were not prepared for this — and hackers have been more than willing to jump on that weakness to launch cyber attacks for either personal gain or to cause more disruption.

With home-based internet connectivity more important than ever, the heavy reliance on online services has greatly increased traffic. But ISPs face a massive challenge: to spot the attacks designed to send abnormal amounts of traffic to overwhelm websites and internet services, and to sort these from the growing demands on ISPs that accompany legitimate workloads. To put it another way, how do you properly identify and act upon abnormal traffic patterns when the “new normal” is still new and not yet particularly normal?

Cyber attacks on already overloaded networks

In many cases, cybercriminals can more easily impact already overloaded corporate networks. Because so many people are now working from home, accessing crucial corporate applications and services via Virtual Private Networks (VPNs), VPN gateways are more likely to be running close to (or even at) capacity. Prior to this, VPNs were not constantly in use. However, now they have become an essential and unavoidable part of running a business or organization during the present pandemic scenario.

As a result of this, even a relatively small DDoS could manage to bring down VPN gateways. Unlike DDoS attacks in pre-COVID times, such attacks don’t just make services inaccessible to customers, but also to employees in the form of remote home-based users. The result is that cyberattackers can more thoroughly damage organizations with fewer resources and a lower barrier to entry than ever. That’s bad news.

Attacks may also be small enough to slip under ISPs’ radar. During 2020, as more people have been working from home, there has been a rise in small-sized, short attacks referred to as “invisible killers.” Unlike massive — and very visible — DDoS attacks, which can last for days and throw upward of one terabyte per second at targets, these smaller-sized attacks may go unnoticed by ISPs already dealing with large amounts of traffic on a regular basis. They are therefore able to access online services to wreak havoc without being checked.
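As an added illustration (not part of the original article), the sketch below shows why a fixed volumetric threshold misses a short, small burst against a near-capacity VPN gateway, while a rolling baseline that follows the shifting "new normal" flags it. The traffic figures, gateway capacity, thresholds and function names are all constructed assumptions.

```python
from statistics import median

def constructed_samples():
    """120 one-minute samples of offered load in Mbit/s (constructed data):
    slowly growing legitimate traffic plus a 5-minute, 250 Mbit/s burst."""
    out = []
    for i in range(120):
        legit = 600 + 1.5 * i + ((i * 4) % 11 - 5) * 4  # ramp + deterministic jitter
        burst = 250 if 90 <= i < 95 else 0
        out.append(legit + burst)
    return out

def static_alerts(samples, threshold):
    """Minutes where traffic exceeds a fixed volumetric threshold."""
    return [i for i, v in enumerate(samples) if v > threshold]

def adaptive_alerts(samples, window=30, k=6.0, min_mad=15.0):
    """Minutes where traffic is far above the rolling median, scaled by the
    rolling median absolute deviation (MAD). Flagged samples are kept out of
    the baseline so a burst cannot teach the detector that it is normal."""
    baseline, alerts = [], []
    for i, v in enumerate(samples):
        if len(baseline) >= window:
            recent = baseline[-window:]
            med = median(recent)
            mad = max(median(abs(x - med) for x in recent), min_mad)
            if v > med + k * mad:
                alerts.append(i)
                continue
        baseline.append(v)
    return alerts

def saturated(samples, capacity, headroom=0.05):
    """Minutes where offered load leaves less than `headroom` spare capacity."""
    return [i for i, v in enumerate(samples) if v >= capacity * (1 - headroom)]

if __name__ == "__main__":
    s = constructed_samples()
    # Assumed upstream threshold of 10 Gbit/s: the burst never comes close.
    print("static threshold alerts:", static_alerts(s, 10_000))
    # Rolling baseline tolerates the slow ramp but flags the burst minutes.
    print("adaptive baseline alerts:", adaptive_alerts(s))
    # Assumed 1 Gbit/s gateway: the same minutes exhaust its headroom.
    print("gateway saturated:", saturated(s, 1000))
```

Run on the constructed data, the fixed threshold raises nothing, while the rolling baseline and the headroom check both single out the five burst minutes and ignore the gradual growth in legitimate load.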

It’s not only private companies that have been facing these attacks. France’s Assistance Publique — Hôpitaux de Paris, a university hospital trust in charge of managing almost 40 public hospitals in the region, was hit with a DDoS attack in late March. This attack was seemingly timed to coincide with France’s attempts to grapple with the severity of the coronavirus pandemic and its impact on hospitals and other medical facilities. While it lasted for just one hour and did not cause too much damage (compared to the potential of DDoS attacks), it blocked external access to systems like email and remote applications for employees working outside the hospital.

Similarly, Germany’s distance learning platform Mebis was targeted by a cyber attack during the first day of remote schooling. This meant that teachers were unable to share homework and other learning materials with schoolchildren for multiple hours.

Protecting against the new normal

The coronavirus pandemic and the cyber attacks that have taken place during it have highlighted the need for robust DDoS prevention. Corporate networks are already strained due to VPN requirements during telework. It’s crucial that organizations are able to protect against DDoS attacks in order to maintain their operations. Right now, the world is relying on connectivity and access to services more than ever — whether that’s for entertainment, communications with friends and family, or the ability to work from home at a time when gathering colleagues together in the same physical geographic location simply isn’t possible in many cases.

Fortunately, tools exist that can help organizations navigate the potentially “new normal” of cyber attacks targeting teleworking. If you opt to bring on professionals to help you with this task, ensure that they have experience in areas like always-on DDoS protection against attacks that target internet-facing websites or public cloud-hosted services. Even against the noise of more people than ever trying to (legitimately) access these services, they should be able to spot bad or malicious actors — and to block them.

This problem isn’t going to go away anytime soon. However, with the right tools in your arsenal you can make sure to protect against the threats, whatever form they might come in.

