What Are the Weak Links in the Connectivity Supply Chain—and Why Is NETSCOUT Seeing So Many More Attacks?

Weak Links in the Connectivity Supply Chain

As explained in a previous blog, “What Is the Connectivity Supply Chain, and Why Do Attackers Care?”, NETSCOUT has been tracking increased distributed denial of service (DDoS) attacks against the connectivity supply chain—the moniker we’ve given to the technologies and services that enable companies and individuals to stay connected to the internet.

There are two important factors to take into consideration here: identifying the weak links in the connectivity supply chain, and understanding why NETSCOUT is seeing so many more DDoS attacks against this vital business artery than other companies are reporting.

What Are the Weak Links in the Connectivity Supply Chain?

There are four areas of particular concern in the connectivity supply chain that enterprises should understand to protect their resources from DDoS attacks and ensure uninterrupted connectivity:

  • According to the latest NETSCOUT Threat Intelligence Report, there were about 4,000 DDoS attacks in the first half of the year that targeted the Domain Name System (DNS), the database that stores internet domain names and translates them into IP addresses. Most frequently, these were DNS reflection/amplification DDoS attacks that cause connection and timeout issues for websites.
  • More than 41,000 attacks were leveled against virtual private networks (VPNs), the use of which skyrocketed during the COVID-19 pandemic as enterprises were forced to support remote-work initiatives. Attacks such as the Lazarus Bear Armada (LBA) DDoS extortion campaign against VPNs disconnect users from enterprise assets and prevent security teams from responding to attacks.
  • Internet Exchanges experienced more than 1,000 DDoS attacks during the first half of the year, 70 percent of which were TCP SYN floods.

The most important aspect of attacks on these critical areas of connectivity is the collateral damage inflicted. Even if the attack does not take the component fully offline, these services represent hundreds of thousands, if not millions, of consumers, and are the gateways to everything we do online. Take one down, and you impact a huge array of people, organizations, and service providers

Why Is NETSCOUT Seeing So Many More Attacks?

If the number of DDoS attacks against the connectivity supply chain seems much higher than is being reported by other security firms, it’s not a mistake on our part. Because of NETSCOUT’s unique partnerships with almost every ISP in the world, we are able to see attacks that occur on those ISP networks, as well as those targeting their customers’ networks—giving us a much wider spectrum of visibility than other firms have.

For more information about the weak links in the connectivity supply chain and how to protect against DDoS attacks, read our white paper The Weakest Link: Attackers Target Connectivity Supply Chain to Disable Enterprise Internet Connectivity, or get in touch with a security specialist today.