As the coronavirus spreads, public and private companies as well as government entities are requiring employees to work from home, putting unforeseen strain on all manner of networking technologies and causing bandwidth and security concerns. What follows is a round-up of news and traffic updates that Network World will update as needed to help keep up with the ever-changing situation. Check back frequently!
U.S. Cellular, using authority granted by the Federal Communications Commission, started boosting its mobile broadband capacity in parts of six states to meet increased demand during the COVID-19 pandemic.
The six states are Wisconsin, Iowa, Illinois, New Hampshire, Maine and North Carolina, and FCC approved use of extra spectrum for 60 days.
The bandwidth in the AWS-3 band that was allotted is licensed to another entity, Advantage Spectrum. Ericsson has worked with U.S. Cellular to add additional capacity to more than 200 sites to help ensure connectivity for U.S. Cellular customers.
Other service providers reported that thanks to extra capacity designed into the internet backbone and other major networks, they have survived the impact COVID-19 has had on overall traffic.
“There was some anxiety as traffic began to ramp up at the start – we’ve seen a 35% increase in internet traffic – but ultimately the networks have handled it quite well,” said Andrew Dugan, chief technology officer at CenturyLink during a conference call.
It helped that the increased traffic generated by employees newly working from homes hits the networks during the day, not evenings, which is peak time for internet usage.
Enterprises and large network operators plan for capacity months ahead of when they need it so there was headroom there, Dugan said. People who build large IP networks are proactive and engineer the network for unexpected congestion. “We had some infrastructure segments that ran hot, but we are fiber-based so we quickly were able to add capacity, and we continue to address those situations – but a byproduct of that is more capacity as well,” he said.
During AT&T’s Q1 call with analysts this week, CEO Randall Stephenson took note of heavy volumes of traffic its network has been handling. “What we are seeing is the volumes of network usage moving out of urban and into suburban areas… and we are seeing heavy, heavy volume on the networks out of homes,” Stephenson said. That traffic is being generated by work-from-home employees, students doing online classwork and commerce, he said, and “it’s impressive to see how much activity is still going on by virtue of the connectivity that’s been facilitated into the homes.”
He said network providers take a lot of satisfaction in how well the networks are standing up given that volume of traffic has increased at the same time its source has shifted.
HighSpeedInternet.com took a look at how the speed of internet service across the country is fairing and found that nationwide the average is 59.5 Mbps.
The company also looked at data from three million speed-test results and calculated the average internet speed for every city in the US, then ranked them from fastest to slowest.
Some of the findings:
- The city with the fastest average internet speed: Whitestone, NY (138.4 Mbps)
- The city with the slowest average internet speed: Stowe, VT (7.3 Mbps)
- The state with the fastest average internet speed: Maryland (84.1 Mbps)
- The state with the slowest average internet speed: Alaska (20.6 Mbps)
- Most of the cities with the top 10 fastest speeds are on the East Coast
AT&T reported that Email traffic is down 25% as more people opt for phone and video calls. Video conferencing is on the rise with more than 470k Webex Meeting Calls on April 9, the highest during the COVID-19 pandemic. It also stated instant messaging, including text traffic from messaging apps and platforms, has slightly declined since the week prior, but overall is up nearly 60%.
For the second straight week, Verizon reported that data usage is basically flat or down slightly week-over-week — including gaming, streaming video, virtual private network (VPN) connections, web browsing and social media — indicating people have settled into their new routines.
Internet performance across the top 200 cities continued to improve through April 15, according to BroadbandNow. The company reported 91 (45.5%) cities have seen download speed decreases, down from 97 (48.5%) last week. 135 cities (67.5%) have experienced upload speed decreases, which is once again down from last week’s total of 139 (69%). Only two cities have experienced significant download speed decreases of greater than 40% out of range this week: Evansville, Indiana and Saint Paul, Minnesota.
Ookla reported that as of April 15 the U.S. has seen a very slight increase in mean download speed over mobile and fixed broadband when comparing the week of April 6 to the week prior. Specifically mean download speed over fixed broadband increased very slightly in King County, Washington during the week of April 6 while mobile download speed was relatively flat when compared with the week before. San Francisco County, California saw an increase in mean download speed over fixed broadband during the week of April 6, while mobile download speed remained flat. Westchester County, New York saw a decrease in mean download speed over fixed broadband when comparing the week of April 6 to the week before. Mobile download speed increased during the same period.
Verizon Wireless cell-network data indicates how well its customers in the U.S. are staying put during the coronavirus pandemic, with some regions of the country doing far better than others.
The carrier sees a general decline in the number of cell-site handoffs that take place when data sessions move from one tower to another as people move around.
According to the latest Verizon Network Report, handoffs have decreased by 35% nationally compared to a typical day before stay-at-home mandates and down 6% from what was reported last week.
Verizon said its New York metro and upstate markets showed the biggest declines at 51% and 61% respectively. Handoff declines for other Verizon markets:
- New England: 41%
- Northern and Southern California: 41%
- Mid-Atlantic/Greater Washington, D.C. metro area: 39%
- Georgia/Alabama: 18%
- The Carolinas/Tennessee: 16%
- Florida: 10%
- Gulf Coast: 9%
AT&T reports that its core network traffic — which includes our business, home broadband and wireless usage — was up 24% through April 7 compared to a similar day in February. Wireless voice minutes of use were up 23% compared to an average Tuesday (April 7) and consumer home voice calling minutes of use were up 33% from an average Tuesday. Wi-Fi calling minutes of use were up 80% from an average Tuesday, AT&T stated.
BroadbandNow reports that Internet performance in the U.S. is improving, with 97 cities (48.5%) recording download-speed degradations this week (down from 117, or 59% last week – through April 8). In addition 139 cities (69%) have reported upload speed disruptions, which is also down from last week’s 144, or 72%, according to BroadbandNow monitoring. Three cities are experiencing upload speed drops of greater than 40%, including Baltimore, Maryland, Los Angeles, California, and Flushing, New York. And four cities are still experiencing significant download speed drops: Lawrenceville, Georgia, Rochester, New York, Saint Paul, Minnesota, and new addition Evansville, Ind.
ICANN.Org said it has joined the COVID-19 Cyber Threat Coalition (CTC), a group with the mission to stop cybercriminals from attacking institutions and individuals by playing on fears about the coronavirus pandemic. The group includes domain name service (DNS) registries, registrars, security experts, law enforcement, and Internet engineers.
The CTC said its goal is to, “operate the largest professional-quality threat lab in the history of cybersecurity out of donated cloud infrastructure and with rapidly assembled teams of diverse, cross-geography, cross-industry threat researchers.”
The group talked about the impact of COVID-19-related attacks and stated that credential phishing (33%) and scams (30%) are the most common tactics respondents reported, but malicious documents (18%) are also a popular attack vector.
The Cybersecurity and Infrastructure Security Agency (CISA) – part of the Department of Homeland Security – warned of COVID-19 network-security issues with the most common including:
- Phishing, using the subject of coronavirus or COVID-19 as a lure
- Malware distribution, using coronavirus- or COVID-19- themed lures
- Registration of new domain names containing wording related to coronavirus or COVID-19
- Attacks against newly and often rapidly deployed remote-access and teleworking infrastructure
CISA on April 8 released new guidance on how remote government workers and potentially others should address network security. The “interim Trusted Internet Connections (TIC) 3.0 guidance to aid agencies in securing their network and cloud environments.” CISA wrote: “While this prior work has been invaluable in securing federal networks and information, the program must adapt to modern architectures and frameworks for government IT resource utilization. Accordingly, OMB’s [Office of Management and Budget] memorandum provides an enhanced approach for implementing the TIC initiative that provides agencies with increased flexibility to use modern security capabilities.”
The Cofense Phishing Defense Center (PDC) warned of a new phishing campaign that aims to harvest Cisco WebEx credentials via a security warning for the application, which Cisco’s own Secure Email Gateway fails to catch. The phishing operation comes as Cisco’s WebEx traffic is exploding. The company said its Cisco WebEx traffic grew 2.5 times in the Americas and four times in Europe. WebEx traffic from China is up 2,200%(6), with more than 73 million meetings in March and more than 324 million active attendees. That’s two times as much as it typically handle on a high-traffic day.
In an April 2nd call with the Federal Communications Commission chair, the nation’s largest telecom and broadband providers reported network usage during the COVID-19 pandemic had risen about 20-35% for fixed networks and 10-20% for cellular networks in recent weeks. In general, company representatives reported that their networks were holding up quite well, and they expected that resilience to continue. In their conversation with Chairman Ajit Pai, no providers expressed concern about their networks’ ability to hold up to increased and changing demand.
“Operators cited a general migration of traffic to suburban, exurban, and residential areas as more people work, learn, and access services from home during the pandemic. They said they would continue to monitor hotspots to be ready for any issues and proactively increase capacity in case peak traffic rises unexpectedly,” the FCC stated. The call included Altice USA, AT&T, CenturyLink, Charter, Cincinnati Bell, Consolidated Communications, Comcast, Cox, DISH, Frontier, Hughes, Mediacom, Northwest Fiber, Sprint, T-Mobile, TDS Telecom, TracFone, U.S. Cellular, Verizon, ViaSat, and Windstream.
Broadband Now reported on April 1 that more of America’s most populous cities saw decreases in median download speeds this week compared to the last. 117 cities (59%) have now shown signs of potential network strain, up from 88 cities (44%) in the previous week’s report. The company wrote that 117 (59%) of the top 200 cities it was tracking have experienced download-speed degradations over the past week compared to the first 10 weeks of 2020. Five cities have observed download speed dips greater than 40%. In addition, 144 (72%) cities have experienced degradation in upload speeds, with three seeing decreases greater than 40%.
Verizon reported that its Northeast and Mid-Atlantic regions appear to have the most people in the nation staying at home, according to its Verizon Network Report. Online collaboration surge nearly 10X versus a typical day, and growth in other internet uses has started to stabilize.
Meanwhile, AT&T said its core network traffic – which includes business, home broadband and wireless usage – was up 18% through April 1 compared to the same day in March. In a blog AT&T also noted a 700% increase in connections to its secure, cloud-based SD-WAN Static Network Based (ANIRA) service in the past few weeks. ANIRA uses IPSec to authenticate and encrypt data packets over the broadband network.
As many business and consumer users deploy videoconference services one of the most popular – Zoom – has also attracted attackers. So much so that the FBI on April 1 issued a warning saying that as large numbers of people turn to video-teleconferencing (VTC) to stay connected, reports of VTC hijacking, or “Zoom-bombing,” are emerging nationwide.
Malicious actors may target communication tools including VoIP phones, video conferencing equipment and cloud-based communications systems to overload services and take them offline or eavesdrop on conference calls. Cyber actors have also used VTC hijacking to disrupt conferences by inserting pornographic images, hate images or threatening language.
As a result, some companies have banned or limited the use of Zoom, reports say. Reuters for example wrote that Elon Musk’s rocket company SpaceX has banned its employees from using Zoom, citing “significant privacy and security concerns.” The FBI offered the following steps to help mitigate the problem:
- In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screensharing options. In Zoom, change screensharing to “Host Only.”
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
AT&T said its core network traffic – which includes business, home broadband and wireless – was up 24% through March 30 compared to the same day last month. It broke down some mobility traffic patterns as well: voice calls: +33%, instant messaging: +63%, text messaging: +41%, email: -18%, web browsing: -5%, video: +4% (also accounts for over half of all mobility traffic). It also usage for conferencing: AT&T’s global audio-conferencing solution: +200%; audio, web and video conferencing tools: +400%; Large-scale webcast events: +200%.
AT&T said its investment in artificial intelligence technology is helping it keep up with demand. For example, the company said AI is helping remotely troubleshoot and diagnose problems with customer equipment, by identifying the cause or even proactively identifying a potential issue before it occurs. “We’ve expedited deployments of new AI capabilities in certain markets that will allow us to balance the traffic load within a sector and across sectors to help avoid overloading specific cells and improve the experience.”
DNS vendor BlueCat says it has been tracking the use of DNS over HTTPS (DoH) – a method of encrypting queries to prevent visibility into DNS traffic patterns. Over the last week through March 27, the company said it has seen a massive increase in the use of DoH across its customer base wrote Ben Ball, director of strategy and content marketing at BlueCat in a blog about the trend. “In the course of a single weekend, the number of endpoints attempting to use DoH went from an average of 90 to about 1,400. That’s a 1,500% increase in the use of DoH. Around 45% of these queries are from Firefox (which now activates DoH by default). Aside from that, we’re seeing queries to eleven different DoH services from all kinds of applications. DoH usage is fairly uniform across our customer base as well – this isn’t one company or industry vertical; this is a broad trend. While we haven’t seen any clear indications that any of these queries are from DoH enabled malware, that is an emerging threat that we are tracking,” Ball stated.
Ookla’s SpeedTest shows mean download speed over fixed broadband declined only slightly in Mexico and the U.S. when comparing the week of March 23 to that of March 16, while a decline in Canada’s mean download speed over fixed broadband was more evident. Mean download speed over mobile was down in the U.S. and Canada during the week of March 23, while it rose slightly in Mexico during the same period.
Broadband watchers at BroadbandNow say users in most of the cities it analyzed are experiencing normal network conditions, suggesting that ISP’s (and their networks) are holding up to the shifting demand. In a March 25 post the firm wrote: “Encouragingly, many of the areas hit hardest by the spread of the coronavirus are holding up to increased network demand. Cities like Los Angeles, Chicago, Brooklyn, and San Francisco have all experienced little or no disruption. New York City, now the epicenter of the virus in the U.S., has seen a 24% dip out of its previous ten-week range. However, with a new median speed of nearly 52 Mbps, home connections still appear to be holding up overall.”
Other BroadbandNow findings included:
- Eighty eight (44%) of the 200 cities it analyzed experienced some degree of network degradation over the past week compared to the 10 weeks prior. However, only 27 (13.5%) cities experienced dips of 20% below range or greater.
- Seattle download speeds have continued to hold up over the past week, while New York City’s speeds have fallen out of range by 24%. Both cities are currently heavily affected by the coronavirus pandemic.
- Three cities – Austin, Texas, Winston Salem, N.C., and Oxnard, Calif. – have experienced significant degradations, falling out of their 10-week range by more than 40%.
Cisco’s Talos threat-intelligence arm wrote on March 26 about the COVID security threat noting what it called three broad categories of attacks leveraging COVID with known advanced persistent threat participation in: Malware and phishing campaigns using COVID-themed lures; attacks against organizations that carry out research and other work related to COVID; and fraud and disinformation. From an enterprise security perspective, Talos recommended:
- Remote access: Do not expose Remote Desktop Protocol (RDP) to the internet. Use secure VPN connections with multi-factor authentication schemes. Network access control packages can be used to ensure that systems attempting to remotely connect to the corporate environment meet a minimum set of security standards such as anti-malware protection, patch levels, etc,. prior to granting them access to corporate resources. Continually identify and remediate access-policy violations.
- Identity Management: Protect critical and public-facing applications with multi-factor authentication and supporting corporate policies. Verify that remote-account and access-termination capabilities work as intended in a remote environment.
- Endpoint Control: Because many people may be working from home networks, endpoint visibility, protection, and mitigation is now more important than ever. Consider whether remediation and reimaging capabilities will work as intended in a remote environment. Encrypt devices where possible, and add this check to your NAC solution as a gate for connectivity. Another simple method of protecting endpoints is via DNS, such as with [Cisco’s] Umbrella, by blocking the resolution of malicious domains before the host has a chance to make a connection.
In an FAQ about the impact of COVID-19 on fulfilling customer hardware orders, VMware stated: “Some VMware SD-WAN hardware appliances are on backorder as a result of supply chain issues. As a result, we are extending the option to update existing orders with different appliances where inventory is more readily available. Customers may contact a special email hotline with questions related to backordered appliances. Please send an email to email@example.com with your questions and include the order number, urgent quantities, and contact information. We will do our best to respond within 48 hours.”
Cisco said it has been analyzing traffic statistics with major carriers across Asia, Europe, and the Americas, and its data shows that typically, the most congested point in the network occurs at inter-provider peering points, Jonathan Davidson, senior vice president and general manager of Cisco’s Mass-Scale Infrastructure Group wrote in a blog on March 26. “However, the traffic exchanged at these bottlenecks is only a part of the total internet traffic, meaning reports on traffic may be higher overall as private peering and local destinations also contribute to more traffic growth.”
“Our analysis at these locations shows an increase in traffic of 10% to 33% over normal levels. In every country, traffic spiked with the decision to shut down non-essential businesses and keep people at home. Since then, traffic has remained stable or has experienced a slight uptick over the days that followed,” Davidson stated.
He said that traffic during peak hours from 6 p.m. and 10 p.m. has increased slightly, but is not the primary driver for the overall inrease. Busy hours have extended to 9 a.m. 10 p.m., although the new busy-hour (9 a.m. to 6 p.m.) traffic is still below the traditional peak hours. “Service providers are certainly paying attention to these changes, but they are not yet a dire concern, as most networks are designed for growth. Current capacities are utilized more over the course of the entire day,” he wrote.
Spanish multinational telecommunications company Telefonica’ said IP networks are experiencing traffic increases of close to 40% while mobile voice use is up about 50% and data is up 25%. In general, traffic through IP networks has experienced increases of nearly 40% while mobile use has increased by about 50% for voice and 25% for data. Likewise, traffic from instant-messaging tools such as Whatsapp has increased fivefold in recent days.
- Week over week (ending March 23) Ookla says it has started to see a degradation of mobile and fixed-broadband performance worldwide. More detail on specific locations is available below. Comparing the week of March 16 to the week of March 9, mean download speed over mobile and fixed broadband decreased in Canada and the U.S. while both remained relatively flat in Mexico.
- What is the impact of the coronavirus on corporate network planning? Depends on how long the work-from-home mandate goes on really. Tom Nolle, president of CIMI Corp. takes an interesting look at the situation saying the shutdown “could eventually produce a major uptick for SD-WAN services, particularly in [managed service provider] Businesses would be much more likely to embark on an SD-WAN VPN adventure that didn’t involve purchase/licensing, favoring a service approach in general, and in particular one with a fairly short contract period.”
- Statistics from VPN provider NordVPN show the growth of VPN usage across the globe. For example, the company said the US has experienced a 65.93% growth in the use of business VPNs since March 11. It reported that mass remote working has contributed towards a rise in desktop (94.09%) and mobile app (0.39%) usage among Americans. Globally, NordVPN teams has seen a 165% spike in the use of business VPNs and business VPN usage in Netherlands (240.49%), Canada (206.29%) and Austria (207.86%) has skyrocketed beyond 200%. Italy has had the most modest growth in business VPN usage at just 10.57%.
UPDATE: 3. 25
- According to Atlas VPN user data, VPN usage in the US increased by 124% during the last two weeks. VPN usage in the country increased by 71% between March 16 and 22 alone. Atlas said it measured how much traffic traveled through its servers during that period compared to March 9 to 15. The data came from the company’s 53,000 weekly users.
- Verizon reports that voice usage, long declining in the age of texting, chat and social media, is up 25% in the last week. The network report shows the primary driver is accessing conference calls. In addition, people are talking longer on mobile devices with wireless voice usage notching a 10% increase and calls lasting 15% longer.
- AT&T also reported increased calling, especially Wi-Fi calling, up 88% on March 22 versus a normal Sunday. It says that consumer home voice calls were up 74% more than an average Sunday; traffic from Netflix dipped after all-time highs on Friday and Saturday; and data traffic due to heavy video streaming between its network and peered networks tied record highs. AT&T said it has deployed portable cell nodes to bolster coverage supporting FirstNet customers in Indiana, Connecticut, New Jersey, California and New York.
- Microsoft this week advised users of Office 365 it was throttling back some services:
- OneNote: OneNote in Teams will be read-only for commercial tenants, excluding EDU. Users can go to OneNote for the web for editing. Download size and sync frequency of file attachments has been changed. You can find details on these and other OneNote related updates as http://aka.ms/notesupdates.
- SharePoint: We are rescheduling specific backend operations to regional evening and weekend business hours. Impacted capabilities include migration, DLP and delays in file management after uploading a new file, video or image. Reduced video resolution for playback videos.
- Stream: People timeline has been disabled for newly uploaded videos. Pre-existing videos will not be impacted. Meeting recording video resolution adjusted to 720p.
RELATED COVID-19 NEWS
- Security vendor Check Point’s Threat Intelligence says that Since January 2020, there have been over 4,000 coronavirus-related domains registered globally. Out of these websites, 3% were found to be malicious and an additional 5% are suspicious. Coronavirus- related domains are 50% more likely to be malicious than other domains registered at the same period, and also higher than recent seasonal themes such as Valentine’s day.
- Orange an IT and communications services company aid that has increased its network capacity and upgraded its service platforms. These measures allow it to support the ongoing exponential increase in needs and uses. The number of users connecting to their company’s network remotely has already increased by 700% among its customers. It has also doubled the capacity for simultaneous connections on its platforms. The use of remote collaboration solutions such as video conferencing has also risen massively with usage increasing by between 20% to 100%.
- Verizon said it has seen a 34% increase in VPN traffic from March 10 to 17. It has also seen a 75% increase in gaming traffic and web traffic increased by just under 20% in that time period according to Verizon.
- One week after the CDC declaration of the virus as a pandemic, data analytics and broadband vendor OpenVault wrote on March 19 that:
- Subscribers’ average usage during the 9 am-to-5 pm daypart has risen to 6.3 GB, 41.4% higher than the January figure of 4.4 GB.
- During the same period, peak hours (6 pm–11 pm) usage has risen 17.2% from 5.0 GB per subscriber in January to 5.87 GB in March.
- Overall daily usage has grown from 12.19 GB to 15.46 GB, an increase of 26.8%.
- Based on the current rate of growth, OpenVault projected that consumption for March will reach nearly 400 GB per subscriber, an increase of almost 11% over the previous monthly record of 361 GB, established in January of this year. In addition, OpenVault projects a new coronavirus-influenced run rate of 460 GB per subscriber per month going forward.
Share this post if you enjoyed! 🙂