Why Are VPNs Such Prime Targets for DDoS Attacks?

NETSCOUT

It seems as if each day brings more harrowing stories about DDoS attacks that have been waged against enterprises, with each attack seemingly lasting longer and costing more than the ones before. There’s almost a tendency to view the bad actors who wage these DDoS attacks as masterminds of new technology and strategies for bringing down the networks of global enterprises.

In reality, however, many of the DDoS attacks waged against enterprises target components that have long been a part of the network—things such as virtual private network (VPN) devices, firewalls, load balancers and other edge devices. Such devices contain state information used to route and manage traffic. This makes them susceptible to DDoS attacks. More specifically, they are susceptible to state exhaustion DDoS attacks, which are designed to fill finite-sized state tables with illegitimate connections, ultimately denying legitimate connections access to the services behind them.

According to NETSCOUT’s 1H 2021 Threat Intelligence Report, more than 41,000 DDoS attacks were leveled against commercial VPNs in the first half of the year. With this level of threat, it’s vital for enterprises to understand why bad actors target VPNs and what can be done to stop such attacks.

Severing a Needed Connection

As the pandemic has forced companies to support work-from-home (WFH) and other remote-work initiatives, those enterprises increasingly have turned to VPNs to link remote workers to corporate resources. At the same time, cyberattackers have increased DDoS attacks against VPNs—for several reasons.

Such attacks disconnect users from their organization’s online assets, and they also serve to prevent security teams from responding to these and other types of cyberattacks. But the pandemic also forced enterprises to expand digital services to customers and vendors, massively expanding the potential impact of an attack against the corporate VPN.

According to NETSCOUT’s Worldwide Infrastructure Security Survey (WISR), cybercriminals know that corporations are more exposed while employees are working remotely, which provides the only motivation they need to launch targeted DDoS attacks against VPNs and other stateful devices. In fact, 83 percent of WISR enterprise respondents reported DDoS attacks targeting firewalls and/or VPN devices contributed to a service outage—an increase of 21 percent from 2019.

The Solution: Intelligent, Stateless Mitigation

The only way to stop DDoS attacks against enterprise VPNs is to implement an intelligent DDoS mitigation solution that operates in a stateless or semi-stateless manner and integrates the following features:

  • Predominantly uses stateless packet processing technology.
  • Uses an ephemeral challenge to determine the legitimacy of the connection when stateful inspection is required.
  • Is deployed on customer premises, northbound of the firewall, VPN gateway, and other stateful devices.
  • Integrates easily into the cybersecurity stack.
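
The difference between a stateful device and a stateless front end with an ephemeral challenge can be shown with a small simulation. This is an added example, not NETSCOUT code: the HMAC cookie scheme, class names, table capacity and 30-second window are assumptions chosen for illustration, and all addresses are constructed.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(32)  # assumed per-device key; rotate it in practice
WINDOW = 30              # assumed challenge lifetime in seconds

def cookie(flow, epoch):
    """Challenge derived from the flow 4-tuple, so nothing is stored."""
    msg = "|".join(map(str, (*flow, epoch))).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]

class StatefulGateway:
    """Allocates a table slot on the first packet, like a VPN or firewall."""
    def __init__(self, capacity):
        self.capacity, self.table = capacity, set()
    def first_packet(self, flow):
        if len(self.table) >= self.capacity:
            return False  # table full: new connections are refused
        self.table.add(flow)
        return True

class StatelessFront:
    """Deployed northbound of the gateway; keeps no per-flow memory."""
    def __init__(self, gateway):
        self.gateway = gateway
    def challenge(self, flow, now):
        return cookie(flow, now // WINDOW)  # sent back, never stored
    def response(self, flow, token, now):
        epoch = now // WINDOW  # accept the current and previous window
        ok = any(hmac.compare_digest(token, cookie(flow, e))
                 for e in (epoch, epoch - 1))
        return ok and self.gateway.first_packet(flow)

def simulate(capacity=1000, unanswered=10000):
    """Constructed flows: many that never complete, one that does."""
    dst = ("203.0.113.1", 443)
    legit = ("198.51.100.7", 40000, *dst)
    junk = [(f"10.0.{i >> 8}.{i & 255}", 1024 + i, *dst)
            for i in range(unanswered)]
    bare = StatefulGateway(capacity)
    front = StatelessFront(StatefulGateway(capacity))
    for flow in junk:
        bare.first_packet(flow)         # slot taken on first packet
        front.challenge(flow, now=100)  # challenge is never answered
    token = front.challenge(legit, now=100)
    admitted = front.response(legit, token, now=105)
    return bare.first_packet(legit), admitted, len(front.gateway.table)
```

`simulate()` returns whether the legitimate flow was admitted by the unprotected gateway, whether it was admitted behind the stateless front end, and how many table slots the protected gateway ended up using.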

To learn more about the inherent weaknesses of stateful devices such as VPNs, read our white paper Enemy of the State: Why DDoS Attacks Against Stateful Devices Have Massively Increased—and What to Do About It, or contact us today.