If cybercrime were a country, it would have the 13th highest gross domestic product (GDP) in the world, with large multi-national operations earning more than US$1 billion annually.

This is according to the recently-released 2H 2019 NETSCOUT Threat Intelligence Report, which says that this gives cybercriminals plenty of motivation to continue unleashing an onslaught of different types of attacks on the world. This includes phishing, distributed denial of service (DDoS) attacks, ransomware and many other forms of malicious malware.

And that was just last year – where are we at now that we’re four months into 2020?

“This year,” says Bryan Hamman, Regional Director at NETSCOUT, a leading provider of service assurance, security and business analytics, “cybercriminals have been given a golden opportunity to take advantage of the global COVID-19 pandemic to launch attacks on people working from home, as companies try their utmost to keep their organisations operational.

“The fact that so many white-collar workers are now working remotely has, unfortunately, opened up nefarious new routes for cybercriminal elements around the globe. Defending business continuity is of paramount importance, and employees must now rely on VPNs to access critical business applications, which makes VPN endpoints – which are often undefended – a business lifeline.”

A remote access VPN securely connects a device outside the corporate office to the network. Known as endpoints, these can include smartphones, tablets and laptops. Although VPN traffic is encrypted, vulnerabilities at the endpoints do exist.

NETSCOUT Security CTO Darren Anstee clarifies in a NETSCOUT blog, “The availability of the remote access systems that give us a route into our corporate networks is really crucial now. However, in many cases the remote access endpoints that we’re relying on are vulnerable to DDoS attack, and there are a lot of people out there who are looking to exploit this. We are seeing an increase in DDoS attacks targeting the TCP[1] and UDP[2] ports being used by various VPN solutions.”

DDoS attacks are an attempt to exhaust the resources available to a network, application, or service so that genuine users cannot gain access. Such attacks on VPN endpoints would have significant business continuity consequences.

Additionally, says Anstee, attackers are able to mix and match different DDoS vectors to maximise their chances of success, as follows:

  • Volumetric attacks saturate connectivity, filling up the pipes that connect network and resources together.
  • State exhaustion attacks target infrastructure, such as load balancers[3] and firewalls[4], congesting and overwhelming state tables[5].
  • Application layer attacks target applications at layer seven[6] with queries and authentication requests that use up resources and cause systems to come to a halt.

And so, if an attack saturates the link to a VPN endpoint or exhausts its state tables, home workers are effectively cut off from corporate resources. The question then is: how does an organisation protect itself from these insidious threats, to protect both itself as well as its business continuity during these unprecedented times?

Anstee advises that organisations need to apply best practice defences to protect VPN endpoints in the same way that customer-facing services are protected. This could include:

  • Extending current capabilities, making sure that traffic to VPN endpoints is routed through an existing suite of on-premises DDoS solutions;
  • Upgrading licences if required, to handle additional throughput;
  • Adding new defence capabilities to networks, either physically or as virtual network functions; and
  • Ensuring speed of reaction, for example via on-premises DDoS protection solutions.

Anstee says that hybrid DDoS defences, which combine localised protection with cloud-based backup, constitute the current best practice for complete protection.

In conclusion, Hamman adds, “The global pandemic is obviously having a huge impact on businesses around the world as they continue trying to operate. As South Africans speculate on whether the government will lift the lockdown in a phased approach, it does seem reasonable to assume that remote working for many will be here for at least a while longer. We therefore urge companies to ensure that they have put in place the required cybersecurity measures to protect their remote workers as these unprecedented times continue for the foreseeable future.”

NETSCOUT products and solutions are distributed throughout Africa by value-added distributor, Networks Unlimited Africa.

Please contact Janco Taljaard at [email protected] for more information.