Increase in Small DDoS Attacks Could Take Down VPNs

Data breaches and ransomware might hog the headlines, but don’t forget to pay attention to DDoS attacks. According to research from Neustar, DDoS attacks increased by 168% in Q4 2019 compared to the same period in 2018. However, unlike a year or so ago, when attacks were getting bigger and longer, the opposite now seems to be happening. There was a more than 250% increase in attacks in the 25Gbps to 50Gbps range, but also a surprisingly large leap (more than 150%) in very small attacks, those under 5Gbps. In fact, more than 80% of all attacks were small attacks.

“Large, headline-making DDoS attacks do still take place, but many cybersecurity professionals believe that smaller attacks are being used simply to degrade site performance or as a smokescreen for other forms of cybercrime, such as data theft or network infiltration, which the perpetrator can execute more easily while the target’s security team is busy fighting a DDoS attack,” Rodney Joffe, senior vice president, senior technologist and fellow at Neustar, said in a formal statement.

“Furthermore,” he added, “with the current move of the bulk of the workforce globally to a work-from-home model, we expect to see a significant increase in DDoS attacks against VPN infrastructure. This risk makes an ‘always on’ DDoS mitigation service even more critical.”

Taking Advantage of the WFH New Normal

Millions are working at home now, and that is giving the bad guys an upper hand. Security and IT teams are working remotely, too, and they are tasked with maintaining and protecting a workforce connecting to the network via VPN.

“Most organizations use old, antiquated remote VPN applications and concentrators which work in a hub-spoke architecture,” Dileep Mishra wrote in a Radware blog post. “This is because VPNs were always considered to be a ‘fill the gap’ piece of the IT infrastructure, meant for workers on business travel or for people accessing the company resources off-hours.”

VPNs were designed to handle a small number of remote workers, not the entire company. So their architecture is already pushed to its limit. Even a very small DDoS attack could crash a VPN server, leaving all of those work-from-home employees with no way to get work done and making it difficult, if not impossible, for security and IT teams to mitigate the problem.

It’s Not Just VPNs

These small DDoS attacks aren’t just impacting VPNs. Mobile and IoT devices are also seeing an uptick in attacks. A report from A10 released in mid-March also looked at the DDoS landscape and found that hackers are relying on IoT to amplify their DDoS attacks. This matches Neustar’s research, which found “a number of amplification attacks that made use of intermediate services to generate large amounts of traffic from small requests. … Perhaps inspired by the success of this attack, cybercriminals have been busy this year looking for intermediate services that offer an amplification factor.”

Also, research has shown that mobile devices are a rising vector for DDoS attacks. As Dark Reading explained, “Mobile devices continued to be a significant source of attack traffic, with 41% of application attacks coming from mobile gateways and three-quarters of that traffic coming from Apple iOS devices.” IoT and mobile are so susceptible, the article added, because they are always on—and now even more so, as employees depend on these devices to handle every facet of communication with the outside world.

Right now the economy is staying afloat in large part because large numbers of employees can work remotely and all of us can handle electronically the services we once handled in person. Keeping the network up and running is more vital than ever, but it will also be more difficult than ever if hackers continue to use small, disruptive attacks that overload our systems.

As the Neustar report warned, don’t be lulled into thinking that DDoS attacks are old news just because we aren’t hearing about massive attacks. The reality is that DDoS attacks are happening more frequently at a time when protecting internet infrastructure has never been more important.

Sue Poremba

Sue Poremba is a freelance writer based in central Pennsylvania. She's been writing about cybersecurity and technology trends since 2008.
