Corero

Is the Switch to Remote Work Associated with the Increased Number of DDoS Attacks?

From the perspective of Security Sales Engineer, Erick Caldera.

Working in network security, I find myself spending a significant amount of time talking to technical leaders around the globe regarding their security concerns. In 2020, there seemed to be one resounding theme: “I am seeing more and more Distributed Denial of Service (DDoS) attacks on my network”. For those of us in the security industry, we already understand that the vast majority of DDoS attacks are not the massive, headline-grabbing ones that target large, high-profile institutions and affect thousands, if not millions, of people. Instead, most attacks we see, to a very disproportionate degree, are much smaller, with the primary purpose of disrupting services out of what can only be assumed to be displeasure, dissatisfaction, pure malice or, now even more common, Ransom DDoS.

However, I find myself asking “why” in a period of a worldwide pandemic that is forcing so many of us to stop traveling and to perform our work and attend school from home. Due to remote working and education, access to the internet and its resources is more critical than ever. With that being said, I now understand why I continued to hear about the challenge being faced with the increasing number of DDoS attacks. With internet availability being a vital tool for day-to-day responsibilities, DDoS protection is needed now more than ever.

Apart from the obvious Ransom-type DDoS, where the intent is financial gain at the expense of the suffering of others, what, as a result of this worldwide event affecting most of us, is driving this increase in DDoS attacks? My intent is not to try to find finite answers to this, but rather to offer a stream of consciousness reflecting on what could be driving such an increase.

While an argument based on political ideology, dissatisfaction with services, etc. could be made, most of these reasons are typically regionalized in nature and isolated. In my mind, one thing that is common around the world since the start of the pandemic is the drive to control the spread of a virus by way of lockdowns, social distancing, and bans that keep most of us at home and physically away from friends and family. Now, could this translate to more DDoS attacks?

Well, could it be that boredom is the factor? One could argue that the current state most of us find ourselves in leads to more time online, more time paying attention to things we typically would overlook, and ample time for a select few to find methods of “making a point” of their dissatisfaction. Another industry-known fact is that it is extremely easy to find and buy our way into launching a DDoS attack, no prior experience needed.

Kids in virtual school… It is nothing new for kids to launch attacks on school networks to get out of homework assignments, tests, etc., but now that remote learning seems to be the most common way of our kids attending school, it is plausible to surmise that this is a large contributing factor to the DDoS increase we are seeing.

Weaponization of work- and school-from-home devices… Another possibility is that the more advanced attackers have access to more resources, given that the typical security layers encountered at workplace and school networks, such as IPS/IDS, AV, NGF, are not present on home networks, and thus the ability to hijack these devices for the purpose of performing attacks has become easier. This would also make sense for the bad actors trying to make money out of intimidation.

Could one, or all of these, be the reason for this increase in attacks? Sure, but it is likely there are a lot more than cited and I may never truly be able to understand all the reasons behind this trend. However, understanding them will not solve the problem for most of us, so finding solutions that ensure the security and integrity of our network becomes the priority.

Securing a network can be more of an art form that typically takes layers of tools (such as firewalls and always-on, real-time DDoS protection) and sound procedural practices. One action that institutions should take, in ensuring that these attacks do not affect their business or the services they provide, is evaluating their DDoS posture and ensuring they have adequate tools to avoid losses and downtime.