Subscribe to our Newsletter


click to dowload our latest edition

CLICK HERE TO SUBSCRIBE TO OUR NEWSLETTER

OpEds

PJs, VPNs, and DDoS – how it all adds up

Published

on

When the COVID-19 pandemic began, there were many conversations about how people felt about being forced to work from home. Some missed office chats with colleagues, human interaction, and just dressing up and getting out of the house.

No one, it seems, missed the commute. Quarantine wardrobes (in other words, serious tops and casual pyjama bottoms) are today the norm rather than the exception, and one of the better outcomes of the forced work-from-home scenario. Adobe International’s research found that pants sales dropped 13%, and jackets 33%, while online pyjama sales increased a whopping 143%.

The new reality has forced most of us to work with various video conferencing solutions. Zoom, for instance, reported last month a maximum of 10 million daily users.

Video conferencing and VPNs (virtual private network – an internet programme that provides safer, encrypted connectivity) have become our lifelines. A great effort was made earlier this year to scale up these remote access services and support entire employee bases, as this was the only way to ensure business continuity.

This sudden overall dependency on VPNs has exposed many of its inherent vulnerabilities. The biggest challenge is security, specifically Distributed Denial of Service (DDoS) attacks.

To explain, DDoS is the cyber security nightmare for any connected enterprise. A DDoS attack makes it impossible for an internet service to be delivered. It brings down systems by attacking systems not from one, but from many points of entry. VPNs are easy targets, and multiple users accessing the network via VPNs dramatically increase the impact of these attacks.

As a result, DDoS attacks have increased 542% from the beginning of COVID-19, with more than 4.83 million attacks in the first half of this year.

The industries most hit include retail, telecoms, government, and financial/banking websites and infrastructure. In March 2020, the United States Department of Health and Human Services was hit by a DDoS attack just as the agency was scrambling to provide information and critical services in response to the COVID-19 pandemic.

Shopping from home should have helped ecommerce. However, more than 929 000 DDoS attacks occurred in May, representing the single largest number of attacks ever seen in a month. In 2020, the percentage of DDoS attacks on the telecoms industry grew by 31%.

So what makes VPNs vulnerable? Before COVID19, companies didn’t rely heavily on VPNs, which would explain why many companies may not have bothered to validate that their DDoS mitigation (cyber) solutions were configured correctly to protect them. More importantly, there is no single default DDoS mitigation configuration setting that works for all VPNs. This means that companies need to validate their DDoS mitigation configurations against multiple possible DDoS attack “vectors” at a time when maintenance windows are hard to find.

It’s also quite possible that enterprises rely on sophisticated DDoS mitigation and testing solutions to mitigate attacks. But these solutions are all essentially reactive, moving to action only after a DDoS attack has been launched. With vulnerable VPNs, scarce teams, and a full-on DDoS attack, how effective can mitigation solutions be? Research indicates that companies are often left with a staggering 48% DDoS vulnerability level!

People are trying different options, but there is one possible solution that can challenge this, something called RADAR, which simulates DDoS attacks 24/7 without having an impact on operations.

It’s an Israeli-made patented solution, and provides enterprises with real-time validation and remediation capabilities of their DDoS mitigation solutions. This way, vulnerable DDoS configuration mismatches can be continuously identified and resolved in real time and re-validated immediately through the RADAR™ platform.

  • Mali Cohen Denzinger is vice-president of marketing at MazeBolt, an international cyber security company.

Continue Reading
1 Comment

1 Comment

  1. Ian Schwikkard

    January 12, 2021 at 11:11 am

    i LIKE THIS

Leave a Reply

Your email address will not be published. Required fields are marked *