The COVID-19 pandemic revealed many operational challenges, even for the largest companies in the world. The work-from-home environment and a shopping experience that went online seemingly overnight put severe strains on delivery services like UPS and FedEx, as well as larger retailers like Amazon and Walmart as shoppers “stocked up” on everything from toilet paper to batteries to their favorite protein bars.
The surge in demand called for deployments on a massive scale—and that scale was not immediately available from these retailers and their delivery partners. A series of bottlenecks occurred, and customers who have become accustomed to two-day delivery found it was no longer guaranteed. The bottlenecks experienced throughout the supply chain pinpointed some severe weaknesses in the last-mile delivery process.
Some speculated that the internet itself would face similar issues, crumpling under the pressure of new types and volumes of traffic. When every company that could established work from home guidelines, and schools moved to a remote learning environment, the expectation was that with the expanded use of software-as-a-service (SaaS) tools such as video conferencing, the network might be impacted. That has not happened despite the significant increases in traffic and DDoS attacks. When people, processes, and technology work right, internet infrastructure is incredibly resilient.
In our recent Online Traffic and Cyber Attacks During COVID-19 report, we evaluated the volume of traffic and the impact of these “at home” initiatives as the pandemic escalated, then examined specifically the impact of DDoS attacks on the network during the same timeframe.
DNS operates as Google Maps for internet traffic, giving it a roadmap home to its ultimate destination. Neustar Security Services’ UltraDNS network spans across 30 globally distributed nodes and includes top-level domain (TLD) and second-level domain (SLD) name servers as well as public open resolvers. As part of the report, we evaluated aggregate traffic by week across all three services during the February 1 – May 1 period. We saw a noticeable rise in traffic in mid-March, which correlates with the dates that businesses and US schools began to implement stay-at-home policies. One interesting thing to note was that the gradual rise in query numbers after the initial rise culminated in another sharp uptick about a month after isolation policies began to take hold.
The pandemic also highlighted how some industries (and even individual companies) saw sharper rises in traffic at different points during the timeframe measured. Retail, for example, saw a sharp increase that quickly dropped off after its initial ramp up, while the travel industry dropped dramatically but saw signs of life again in mid-April. Streaming services saw an impressive initial jump then a gradual evening out as the pandemic continued.
The pandemic effect is also clearly illustrated in traffic to specific websites as lockdowns commenced. As for individual sites, one example is the increase of queries for a popular collaboration platform that is available via a “.us” TLD, managed by Neustar Security Services’ servers. Queries increased by 250 percent as users replaced physical meetings with video meetings.
DDoS Attacks during the COVID-19 Pandemic
DDoS attacks come from all around the world to a target destination. The Neustar Security Services’ UltraDDoS Protect cloud-based mitigation infrastructure serves a final stop for traffic, where attack is scrubbed and clean traffic is delivered to its final destination.
Looking at the rise in traffic above, it seems like a logical assumption that as internet traffic rises, so too do attacks. And while that certainly was the case during the time period measured, what was surprising to all of us at Neustar Security Services was the dramatic upturn in the overall number of attacks as well as in attack severity, which considers the volume of attack and attack intensity. Neustar Security Services’ UltraDDoS Protect service mitigated more than double the number of attacks in Q1 2020 than in Q1 2019, and in Q2 2020, we mitigated one of the largest attacks in internet history, at 1.17 Tbps.
It is interesting to visualize these trends in an aggregate fashion. In the first half of May, for example, the maximum intensity of attacks was relatively low, as was the maximum volume of attacks. However, the number of attacks between May 1 and May 15 dispelled the thought that attacks would slow further. During this period, Neustar Security Services mitigated a larger number of attacks than any other period in Q1 2020.
Just because the internet is resilient doesn’t mean it is easy. It takes an immense amount of planning, training, and excellence under pressure to make it work in a seemingly seamless fashion for the end user. We experienced one of those rare moments of internet fragility in mid-June, and it had nothing to do with changes in post COVID-19 traffic patterns or any subsequent attacks.
Sprint suffered nationwide outages that even impacted customers from other carriers. According to Sprint’s CTO, “The trigger event is known to be a leased fiber circuit failure from a third-party provider in the Southeast. This is something that happens on every mobile network, so we’ve worked with our vendors to build redundancy and resiliency to make sure that these types of circuit failures don’t affect customers. This redundancy failed us…”
Sprint handled this situation with great candor and accountability, and I applaud them for it. Resilient infrastructure and a strong network foundation, technology, like people, is fallible. Dealing with crisis situations with transparency is critical. I am proud of the way the Neustar Security Services networks scaled to spikes in demand and how the team responded during the early days of the COVID-19 pandemic—with great agility, operational excellence, and customer sensitivity. It is something you can—and should—always expect from us.
For more information on the traffic and attacks seen on the network during the early days of COVID-19, review the full report.
