COVID-19 has dramatically impacted how businesses operate around the world. When a virus makes it impossible for employees to go into the office, transitioning to telework is the logical solution. However, this switch to remote work can create new cybersecurity challenges for an organization. One of these is a new reliance on virtual private networks (VPNs).
A VPN is necessary to ensure secure connections between remote workers and the enterprise network, but it can also be a single point of failure. VPN endpoints are a prime target for cybercriminals wishing to disrupt a business’s operations, or make a profit, via a Distributed Denial of Service (DDoS) attack. Protecting against these attacks requires specialized protections, such as a DDoS mitigation solution.
Business Impacts of the COVID-19 Pandemic
The COVID-19 pandemic has had major impacts on “business as usual” for organizations around the world. One of the biggest impacts is a forced transition to telework for most or all of the organization’s employees.
Official policy from healthcare providers is that the best way to minimize the fatalities associated with COVID-19 is to “flatten the curve”. As a result, many governments have issued stay-at-home orders for their populations, making it inadvisable or even illegal for businesses to operate on-site unless they are labelled as “essential”.
For some businesses, such as factories or healthcare, telework is impossible. However, many organizations have transitioned over to a remote workforce. When doing so, cybersecurity is a major priority for these organizations. Employees working remotely are connected to personal networks that lack the security of the enterprise network and may be misconfigured, making them easier to attack.
For this reason, the use of VPNs has skyrocketed during the COVID-19 crisis. VPNs provide the necessary level of security for remote workers by ensuring that the employee’s connection to the enterprise network is secure and reducing the probability that remote workers will be infected by malware.
Increased VPN Usage Creates Strain
The sudden shift from a mostly on-site workforce to a mostly or wholly remote one caught many organizations unprepared. While VPNs are relatively easy to deploy on the client side, all inbound connections must be terminated at a VPN endpoint on the enterprise network as well. This can create infrastructural challenges for organizations attempting to scale to meet the needs of a remote workforce.
The process of decrypting inbound communications and encrypting outbound ones is computationally expensive, meaning that existing solutions may struggle to handle the increased demand for VPN connectivity.
Also, the use of VPN connections for all of an employee’s business traffic puts additional strain on an organization’s next-generation firewall (NGFW) since traffic that would normally be internal to the network (and not visible to the firewall) now is external and must be inspected for malicious content.
VPN Servers Could Become a Target
During the COVID-19 pandemic, an organization’s VPN servers are a vital component of its ability to operate since they are the means by which employees working remotely can access the network.
These servers are also, by necessity, exposed to the public Internet since they must be accessible to employees working remotely. As a result, these systems are a perfect target for cybercriminals attempting to degrade an organization’s ability to operate.
DDoS attacks are designed to target a bottleneck in an application and overwhelm it with more traffic or requests than it can handle. VPN servers are a prime target for cybercriminals during the COVID-19 pandemic because they are critical to an organization’s functioning and have a few different bottlenecks to target.
One of these bottlenecks is the amount of CPU resources available on the machine. Processing encrypted VPN traffic is extremely computationally expensive, meaning that there is an upper limit to the amount of data that a VPN endpoint can handle at a time. An authenticated user of the VPN service (or a hacker with compromised credentials) could exceed this threshold and render the VPN unusable.
However, user authentication is not vital to attacking VPNs with DDoS attacks. Every VPN endpoint has a maximum number of open connections that it can manage at any one time. Many of the leading VPN providers offer SSL VPNs, which are easy to use but also easy to attack.
A cybercriminal can start a number of SSL connections to the VPN endpoint but then not complete them. The server is required to leave these connections open for a set period of time (in case the client is simply having network issues), meaning that fewer connections are available to legitimate users.
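An added example, not part of the original article: a defender-side check that works out how many connection slots are held by unfinished SSL handshakes and which sources hold more than a set number of them. The event format, function names, limits and sample events are assumptions constructed for illustration, not the log format of any particular VPN product.

```python
from collections import Counter

# Constructed sample events, not real gateway logs:
# (timestamp_seconds, connection_id, source_ip, event)
# "open" = connection accepted, "handshake_done" = SSL handshake completed.
SAMPLE_EVENTS = [
    (0, 1, "198.51.100.7", "open"),
    (1, 1, "198.51.100.7", "handshake_done"),
    (2, 2, "203.0.113.9", "open"),
    (3, 3, "203.0.113.9", "open"),
    (4, 4, "203.0.113.9", "open"),
    (5, 5, "192.0.2.44", "open"),
    (6, 6, "203.0.113.9", "open"),
    (7, 5, "192.0.2.44", "handshake_done"),
    (8, 7, "192.0.2.21", "open"),
]


def pending_handshakes(events, now, handshake_timeout):
    """Return {connection_id: source_ip} for slots held by unfinished handshakes."""
    pending = {}
    for ts, conn_id, src, event in sorted(events):
        if ts > now:
            break
        if event == "open":
            pending[conn_id] = (ts, src)
        elif event == "handshake_done":
            pending.pop(conn_id, None)
    # The server frees a slot once the handshake timeout has elapsed.
    return {cid: src for cid, (ts, src) in pending.items()
            if now - ts < handshake_timeout}


def assess(events, now, max_connections, handshake_timeout, per_source_limit):
    """Summarise slot pressure and list sources over the per-source limit."""
    pending = pending_handshakes(events, now, handshake_timeout)
    per_source = Counter(pending.values())
    return {
        "pending": len(pending),
        "slot_share": len(pending) / max_connections,
        "flagged": sorted(s for s, n in per_source.items() if n > per_source_limit),
    }


# Assumed limits: 10 slots, 30 s handshake timeout, 2 pending handshakes per source.
REPORT = assess(SAMPLE_EVENTS, now=10, max_connections=10,
                handshake_timeout=30, per_source_limit=2)
```

On the sample data, half of the ten slots are held by handshakes that never finished, and one source accounts for four of them; a shorter handshake timeout releases those slots sooner at the cost of less tolerance for clients with genuine network issues.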
Ensuring Business Continuity During a Crisis
VPN connectivity is essential to an organization’s ability to maintain business continuity during a crisis. When employees are unable to go into the office, due to “stay at home” and “shelter in place” orders, transitioning to telework is a logical way to minimize the impact on business operations. In order to ensure the security of sensitive data and protect these workers against cyberattacks, a VPN connection to the enterprise network is required.
However, these VPN connections are reliant on a VPN server, which can be targeted by DDoS (and other) attacks. The nature of a VPN means that an organization cannot simply block inbound connections from unknown IP addresses (since they may be legitimate teleworkers). Instead, it is necessary to deploy specialized protections for these VPN servers, such as a DDoS mitigation solution.