Although we generally tend to think of cyberattacks as being waged against specific entities such as enterprises or service providers, NETSCOUT has identified another massive target for attackers: the connectivity supply chain.
Connectivity supply chain is the term NETSCOUT uses for this attack surface because it is made up of all the technologies and services that enable companies and individuals to stay connected to the internet. This includes services that underpin all interconnected devices—enterprise Internet of Things (IoT), computers, mobile phones, and so forth—as well as services that enable enterprises to digitally transform and move resources to the cloud.
Attackers have long been focused on bringing down services that underpin connectivity, targeting both subscribers and the operational infrastructure of the companies themselves. But the dramatic increase in attacks—especially distributed denial-of-service (DDoS) attacks—since the beginning of the COVID-19 pandemic isn’t a coincidence.
As shown in the latest NETSCOUT Threat Intelligence Report, in the 1st half of 2021 service providers that provide connectivity accounted for four of the top 10 verticals targeted by DDoS attacks. Wired telecom carriers took top billing, with 283,516 attacks; wireless providers were third with 84,151 attacks; all other telecommunication carriers were seventh with 14,628 attacks; and telecom resellers were ninth with 2,175 attacks.
Not surprisingly, increases in attacks against these suppliers of connectivity have coincided with increases in attacks against the enterprises that utilize them. This has been especially true since the beginning of the pandemic, which forced enterprises to support work-from-home (WFH) and remote-work initiatives much faster than expected.
Specifically, attackers have focused their attention on technologies that enable things such as cloud computing to function over the internet—especially Domain Name System (DNS) servers, virtual private networks (VPNs), and internet exchanges.
The good news is that service providers and enterprises can take several steps to protect the connectivity supply chain against DDoS attacks, including:
- Ensuring compliance with industry best current practices (BCPs) for organizations with business-critical public-facing internet properties.
- Implementing appropriate DDoS defenses for public-facing internet properties and supporting infrastructure.
- Performing recurring, realistic tests of the DDoS mitigation plan for organizations that operate mission-critical, public-facing internet properties and infrastructure.
- Customizing countermeasure selection, tuning, and deployment.
For more information about protecting the connectivity supply chain, read our white paper “The Weakest Link: Attackers Target Connectivity Supply Chain to Disable Enterprise Internet Connectivity,” or get in touch with a security specialist today.