The COVID-19 virus has attacked more than just health and people’s freedom of movement. It has also succeeded at undermining online security as more organizations and people rely on their online presence exclusively and turn to internet-based work, study, purchases and communications. The traffic spikes characteristic of the early part of the crisis have started to stabilize, meaning that uptime should also be stable for regular traffic, regardless of volume, if you’re monitoring your availability and making provisions for redundancy. But irregular traffic booms, which are often the harbinger of a distributed denial of service (DDoS) attack, are another creature entirely.
According to Nokia statistics, since the start of the coronavirus outbreak, DDoS attacks have increased by at least 40%, and their intensity and bandwidth are rising alongside frequency. It’s becoming exceedingly common for DDoS attacks to be multi-vector, targeting not only your websites but your apps and APIs as well, in an attempt to thwart your normal lines of defense and catch you off guard.
Even before COVID-19 hit, DDoS attacks were up 180% in 2019 compared to 2018, and in the current moment, 80% of scams, hacks and cyberattacks are coronavirus-themed, according to Proofpoint research. Spam, bot traffic, malware, the appearance of malicious domains and phishing scams have boomed since the beginning of the COVID-19 crisis. In particular, bad actors have targeted the very companies we turn to for key information and to keep things running, such as global and national government and public agencies that provide up-to-date information on the crisis itself, and the tools we’re relying on to help us communicate, work and so on during this time.
Clearly, as evidenced by the increase in slippery multi-vector attacks, new avenues of attack are constantly being invented. No means of protection is foolproof, but mitigation and design can lend a big helping hand in warding off the worst of what you may face.
Much like the old adage “an ounce of prevention is worth a pound of cure” or even the more current theme of “flattening the curve”, taking preventive action to detect attacks before they happen and adversely affect your business makes sense. If you put such measures in place before you need them, it’s possible you will never deal with the costly experience of an outage, or you can at least gain control of and stop the attack before it can do serious damage.
Varnish offers a number of mitigation techniques to alleviate DDoS attacks (as well as other security concerns):