UPDATE: How enterprise networking is changing with a work-at-home workforce

As the coronavirus spreads, public and private companies as well as government entities are requiring employees to work from home, putting unforeseen strain on all manner of networking technologies and causing bandwidth and security concerns.  What follows is a round-up of news and traffic updates that Network World will update as needed to help keep up with the ever-changing situation.  Check back frequently!

UPDATE 4.10

 

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) on April 8 released new guidance on how remote government workers and potentially others should address network security.  The “interim Trusted Internet Connections (TIC) 3.0 guidance to aid agencies in securing their network and cloud environments.” CISA wrote: “While this prior work has been invaluable in securing federal networks and information, the program must adapt to modern architectures and frameworks for government IT resource utilization. Accordingly, OMB’s [Office of Management and Budget] memorandum provides an enhanced approach for implementing the TIC initiative that provides agencies with increased flexibility to use modern security capabilities.”

Verizon said customers are paying attention to state government stay-out-home orders because the number of cell site handoffs continued to decline. Cell site handoffs are the times when a data session moves from one cell site to another as users walk or drive around. According to the latest Verizon Network Report, handoffs have decreased by 35% nationally compared to a typical day, down another 6% from what was reported last week. Handoffs are influenced by geography and network design, and provide a directional view of the changing patterns of American life. Verizon said its New York Metro and upstate New York markets showed the biggest declines at 51% and 61% respectively vs. a typical day. Other Verizon markets like the Mid-Atlantic/Greater Washington, D.C. metro area and New England also showed significant declines of 39% and 41%, respectively, with the Southern California and Northern California markets both declining 41% vs. a typical day. In the southeast, mobile handoffs are significantly down with week-over-week drops of 18% in the Georgia/Alabama market, declines of 16% in the Carolinas/Tennessee market, 10% in Florida, and 9% in the Gulf Coast market, Verizon stated.

ICANN.Org said it has joined Domain Name Service (DNS) registries, registrars, security experts, law enforcement, Internet engineers, and others, in the COVID-19 Cyber Threat Coalition (CTC). The CTC said its goal is to, “operate the largest professional-quality threat lab in the history of cybersecurity out of donated cloud infrastructure and with rapidly assembled teams of diverse, cross-geography, cross-industry threat researchers.”  The group talked about the impact of COVID-19-related attacks and stated that credential phishing (33%) and scams (30%) are the most common tactics respondents reported, but malicious documents (18%) are also a popular attack vector.  In related news, the Cybersecurity and Infrastructure Security Agency (CISA) Threats warned of COVID-19 network security issues with the most common including:

  • Phishing, using the subject of coronavirus or COVID-19 as a lure,
  • Malware distribution, using coronavirus- or COVID-19- themed lures,
  • Registration of new domain names containing wording related to coronavirus or COVID-19, and
  • Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure.

The Cofense Phishing Defense Center  (PDC) warned of a new phishing campaign that aims to harvest Cisco WebEx credentials via a security warning for the application, which Cisco’s own Secure Email Gateway fails to catch. The phishing operation comes as Cisco’s WebEx traffic is exploding.  The company said its Cisco WebEx traffic grew 2.5 times in the Americas and four times in Europe. WebEx traffic from China is up 2,200%(6), with more than 73 million meetings in March and more than 324 million active attendees. That’s two times as much as it typically handle on a high-traffic day.

AT&T reports that its core network traffic — which includes our business, home broadband and wireless usage — was up 24% through April 7 compared to a similar day in February.  Wireless voice minutes of use were up 23% compared to an average Tuesday (April 7) and consumer home voice calling minutes of use were up 33% from an average Tuesday. Wi-Fi calling minutes of use were up 80% from an average Tuesday, AT&T stated. 

BroadbandNow reports that Internet performance in the U.S. is improving, with 97 cities (48.5%) recording download speed degradations this week (down from 117, or 59% last week – through April 8). In addition 139 cities (69%) have reported upload speed disruptions, which is also down from last week’s 144, or 72%, according to BroadbandNow monitoring.  Three cities are experiencing upload speed drops of greater than 40%, including Baltimore, Maryland, Los Angeles, California, and Flushing, New York. And four cities are still experiencing significant download speed drops: Lawrenceville, Georgia, Rochester, New York, Saint Paul, Minnesota, and new addition Evansville, Indiana.

UPDATE 4.3

In an April 2nd call with the Federal Communications Commission chair, the nation’s largest telecom and broadband providers reported network usage during the COVID-19 pandemic had risen about 20-35% for fixed networks and 10-20% for cellular networks in recent weeks. In general, company representatives reported that their networks were holding up quite well, and they expected that resilience to continue. In their conversation with Chairman Ajit Pai, no providers expressed concern about their networks’ ability to hold up to increased and changing demand. 

“Operators cited a general migration of traffic to suburban, exurban, and residential areas as more people work, learn, and access services from home during the pandemic.  They said they would continue to monitor hotspots to be ready for any issues and proactively increase capacity in case peak traffic rises unexpectedly,” the FCC stated. The call included Altice USA, AT&T, CenturyLink, Charter, Cincinnati Bell, Consolidated Communications, Comcast, Cox, DISH, Frontier, Hughes, Mediacom, Northwest Fiber, Sprint, T-Mobile, TDS Telecom, TracFone, U.S. Cellular, Verizon, ViaSat, and Windstream.

Broadband Now reported on April 1 that more of America’s most populous cities saw decreases in median download speeds this week compared to the last. 117 cities (59%) have now shown signs of potential network strain, up from 88 cities (44%) in the previous week’s report.  The company wrote that 117 (59%) of the top 200 cities it was tracking have experienced download-speed degradations over the past week compared to the first 10 weeks of 2020. Five cities have observed download speed dips greater than 40%. In addition, 144 (72%) cities have experienced degradation in upload speeds, with three seeing decreases greater than 40%.

Verizon reported that its Northeast and Mid-Atlantic regions appear to have the most people in the nation staying at home, according to its Verizon Network Report. Online collaboration surge nearly 10X versus a typical day, and growth in other internet uses has started to stabilize.

Meanwhile, AT&T said its core network traffic – which includes business, home broadband and wireless usage – was up 18% through April 1 compared to the same day in March. In a blog AT&T also noted a 700% increase in connections to its secure, cloud-based SD-WAN Static Network Based (ANIRA) service in the past few weeks.  ANIRA uses IPSec to authenticate and encrypt data packets over the broadband network.

As many business and consumer users deploy videoconference services one of the most popular – Zoom – has also attracted attackers.  So much so that the FBI on April 1 issued a warning saying that as large numbers of people turn to video-teleconferencing (VTC)  to stay connected, reports of VTC hijacking, or “Zoom-bombing,” are emerging nationwide.

Malicious actors may target communication tools including VoIP phones, video conferencing equipment and cloud-based communications systems to overload services and take them offline or eavesdrop on conference calls. Cyber actors have also used VTC hijacking to disrupt conferences by inserting pornographic images, hate images or threatening language.

As a result, some companies have banned or limited the use of Zoom, reports say. Reuters for example wrote that Elon Musk’s rocket company SpaceX has banned its employees from using Zoom, citing “significant privacy and security concerns.” The FBI offered the following steps to help mitigate the problem:

  • In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.

UPDATE: 3.30

AT&T said its core network traffic – which includes business, home broadband and wireless  – was up 24% through March 30 compared to the same day last month.  It broke down some mobility traffic patterns as well: voice calls: +33%, instant messaging: +63%, text messaging: +41%, email: -18%, web browsing: -5%, video: +4% (also accounts for over half of all mobility traffic). It also usage for conferencing: AT&T’s global audio-conferencing solution: +200%; audio, web and video conferencing tools: +400%; Large-scale webcast events: +200%.

AT&T said its investment in artificial intelligence technology is helping it keep up with demand. For example, the company said AI is helping remotely troubleshoot and diagnose problems with customer equipment, by identifying the cause or even proactively identifying a potential issue before it occurs. “We’ve expedited deployments of new AI capabilities in certain markets that will allow us to balance the traffic load within a sector and across sectors to help avoid overloading specific cells and improve the experience.”

DNS vendor BlueCat says it has been tracking the use of DNS over HTTPS (DoH) – a method of encrypting queries to prevent visibility into DNS traffic patterns.  Over the last week through March 27, the company said it has  seen a massive increase in the use of DoH across its customer base wrote Ben Ball, director of strategy and content marketing at BlueCat in a blog about the trend. “In the course of a single weekend, the number of endpoints attempting to use DoH went from an average of 90 to about 1,400.  That’s a 1,500% increase in the use of DoH. Around 45% of these queries are from Firefox (which now activates DoH by default).  Aside from that, we’re seeing queries to eleven different DoH services from all kinds of applications. DoH usage is fairly uniform across our customer base as well – this isn’t one company or industry vertical; this is a broad trend. While we haven’t seen any clear indications that any of these queries are from DoH enabled malware, that is an emerging threat that we are tracking,” Ball stated.

Ookla’s SpeedTest shows mean download speed over fixed broadband declined only slightly in Mexico and the U.S. when comparing the week of March 23 to that of March 16, while a decline in Canada’s mean download speed over fixed broadband was more evident. Mean download speed over mobile was down in the U.S. and Canada during the week of March 23, while it rose slightly in Mexico during the same period.

UPDATE 3.27

Broadband watchers at BroadbandNow say users in most of the cities it analyzed are experiencing normal network conditions, suggesting that ISP’s (and their networks) are holding up to the shifting demand. In a March 25 post the firm wrote: “Encouragingly, many of the areas hit hardest by the spread of the coronavirus are holding up to increased network demand. Cities like Los Angeles, Chicago, Brooklyn, and San Francisco have all experienced little or no disruption. New York City,  now the epicenter of the virus in the U.S., has seen a 24% dip out of its previous ten-week range. However, with a new median speed of nearly 52 Mbps, home connections still appear to be holding up overall.”

Other BroadbandNow findings included:

READ MORE HERE