Black Friday is prime time for distributed denial-of-service (DDoS) attacks, especially as retail goes online even more than usual in 2020.

Forecasters predict e-commerce sales will soar to new heights this holiday season, increasing by as much as 35% year-over-year. This explosion in online shopping brings new challenges to retailers, including managing logistics and supply chains. It also means that increased cyber threats targeting the retail industry are all but inevitable. While retailers should take measures to secure e-commerce infrastructures all year long, this year’s Black Friday DDoS attacks may be especially challenging if they accompany exceptionally high volumes of normal traffic.

From phishing scams promising a free online gift card to content-scraping bots collecting price and product data on behalf of people making fake items, holiday season cyberattacks on retailers have become an unwelcome annual tradition to watch out for this Black Friday.

Retail at Risk

Though national retail chains and local stores alike have seen a shocking decline in foot traffic over the past few months, overall consumer spending remains strong. In fact, the National Retail Federation forecasts that retail sales during 2020 will increase between 3.5% and 4.1% over 2019’s numbers. This means the retail landscape is in the midst of a seismic shift, with many of the dollars that shoppers previously spent in brick-and-mortar stores instead going toward online purchases.

The volume of distributed denial-of-service attacks usually increases around the holidays as well. But this year may well be worse than most. Over the course of Q1 and Q2 of 2020, DDoS attacks were greater in size, frequency and duration than in previous periods, and record-breaking bits-per-second (BPS) and packets-per-second (PPS) attacks were observed.

Researchers at Kaspersky Labs attribute the spike to the coronavirus pandemic and resulting closures, writing that “the forced migration of many day-to-day activities online led to an increase in potential DDoS targets.”

Due to the growing prevalence of insecure Internet of Things (IoT) devices that can readily be recruited into botnets and widespread access to DDoS-as-a-service attack systems, it has never been cheaper or easier for criminals to launch DDoS attacks.

Types of DDoS Attacks Targeting Online Retailers

Broadly speaking, DDoS attacks can take one of three forms, though it’s not uncommon for attackers to combine two or all three attack types into a single campaign. 

Volume-based attacks employ botnets to generate huge volumes of traffic. These DDoS attacks exhaust all of the bandwidth, making it impossible for real traffic to access the target.

Protocol attacks send floods of malicious communication requests to servers and network infrastructure like firewalls and load balancers, consuming enough resources to disrupt functioning.

Application-layer attacks send legitimate-seeming requests to a web server or application. Then, they run processes that consume excess disk space or memory until the targeted service goes down.

Because the per-minute costs of downtime are so high for e-commerce retailers, they have a powerful incentive to consider paying the ransoms that the criminals behind today’s DDoS attacks frequently demand. DDoS attacks are also sometimes used as a diversion tactic while threat actors steal customer payment card data from other parts of the victims’ network.

How to Stop a DDoS Attack Targeting Retailers

It’s difficult to defend against DDoS attacks that are already in progress if a retailer doesn’t already have protection in place. The most effective defenses against these types of attacks are ones that are put in place before their launch. Therefore, proactive planning is essential.

Major cloud service providers and content delivery networks (CDNs) usually offer one-stop DDoS protection services. These include preventative load balancing, which automatically distributes traffic across a large-scale network of servers and so keeps the traffic from crashing the target of the attack.

An increasing number of vendors are offering DDoS mitigation-as-a-service as well. Reliance on third-party service providers is already rising in the retail sector, and there’s good reason for this. A managed security service provider can help a retailer stay abreast of the latest threat data, implement monitoring at all times, and deploy advanced filtering techniques to distinguish between malicious and trusted inbound traffic.

“Trying to combat a DDoS attack with no protection in place is a stress-inducing nightmare that no IT team wants to contemplate during peak season,” says David Holmes of Forrester Research. Instead, advance planning is key. 
