November 23, 2020 By Dawn Blizard 3 min read

Black Friday is prime time for distributed denial-of-service (DDoS) attacks, especially as retail goes online even more than usual in 2020.

Forecasters predict e-commerce sales will soar to new heights this holiday season, increasing by as much as 35% year-over-year. This explosion in online shopping brings new challenges to retailers, including managing logistics and supply chains. It also means that increased cyber threats targeting the retail industry are all but inevitable. While retailers should take measures to secure e-commerce infrastructures all year long, this year’s Black Friday DDoS attacks may be especially challenging if they accompany exceptionally high volumes of normal traffic.

From phishing scams promising a free online gift card to content-scraping bots that harvest price and product data for counterfeiters, holiday season cyberattacks on retailers have become an unwelcome annual tradition to watch out for this Black Friday.

Retail at Risk

Though national retail chains and local stores alike have seen a shocking decline in foot traffic over the past few months, overall consumer spending remains strong. In fact, the National Retail Federation forecasts that retail sales during 2020 will increase between 3.5% and 4.1% over 2019’s numbers. This means the retail landscape is in the midst of a seismic shift, with many of the dollars that shoppers previously spent in brick-and-mortar stores instead going toward online purchases.

The volume of distributed denial-of-service attacks usually increases around the holidays as well. But this year may well be worse than most. Over the course of Q1 and Q2 of 2020, DDoS attacks were greater in size, frequency and duration than in previous periods, and record-breaking bits-per-second (bps) and packets-per-second (pps) attacks were observed.

Researchers at Kaspersky Labs attribute the spike to the coronavirus pandemic and resulting closures, writing that “the forced migration of many day-to-day activities online led to an increase in potential DDoS targets.”

Due to the growing prevalence of insecure Internet of Things (IoT) devices that can readily be recruited into botnets, and widespread access to DDoS-as-a-service attack systems, it has never been cheaper or easier for criminals to launch DDoS attacks.

Types of DDoS Attacks Targeting Online Retailers

Broadly speaking, DDoS attacks can take one of three forms, though it’s not uncommon for attackers to combine two or all three attack types into a single campaign.

Volume-based attacks employ botnets to generate huge volumes of traffic. These DDoS attacks exhaust all of the bandwidth, making it impossible for real traffic to access the target.

Protocol attacks send floods of malformed or half-completed connection requests (a TCP SYN flood is the classic case) to servers and stateful network infrastructure such as firewalls and load balancers. Each request ties up connection-state or other resources on the device, and enough of them exhaust those resources and disrupt normal functioning.

Application-layer attacks send well-formed, legitimate-seeming HTTP requests to a web server or application, typically aimed at the most expensive operations a site offers, such as search, login or checkout. Each request forces the server to do real work, so the attack consumes CPU, memory, database capacity or connection slots until the targeted service goes down. Because the requests look like ordinary shopping traffic, these attacks are the hardest of the three to filter.
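The three families above leave different fingerprints in telemetry: volumetric attacks show up as aggregate bandwidth, protocol attacks as handshakes that never complete, and application-layer attacks as too many completed requests per client against costly endpoints. The following is an added example, not code from the original article or from any vendor mentioned in it. It runs a simple classifier over constructed one-second traffic windows; the record format, endpoint list and every threshold are assumptions chosen for illustration, not tuning guidance.

```python
"""Toy per-window DDoS classifier (added example, constructed data).

Each Flow is one client's traffic summary for a one-second window. The
thresholds below are assumptions for the example, not recommended values.
"""
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Set

@dataclass(frozen=True)
class Flow:
    src: str              # client IP (documentation ranges, constructed)
    nbytes: int           # bytes the client sent in this window
    syn: bool             # a TCP SYN was seen
    ack: bool             # the TCP handshake completed
    path: Optional[str]   # HTTP path requested, None for non-HTTP traffic

# Assumed thresholds for the example.
VOLUME_BPS = 800_000_000      # aggregate inbound bits/s that saturates the link
HALF_OPEN_RATIO = 0.8         # share of SYNs that never complete a handshake
MIN_SYNS = 100                # ignore the ratio on tiny samples
APP_RPS_PER_SRC = 50          # requests/s from one client to costly endpoints
EXPENSIVE = ("/search", "/cart/checkout", "/login")  # assumed costly endpoints

def classify(flows: List[Flow]) -> Set[str]:
    """Return the attack families this window resembles (possibly several)."""
    findings: Set[str] = set()

    # 1. Volume-based: total bits per second across every source.
    total_bits = sum(f.nbytes for f in flows) * 8
    if total_bits >= VOLUME_BPS:
        findings.add("volume")

    # 2. Protocol: a SYN flood is many handshakes that are started, never finished.
    syns = [f for f in flows if f.syn]
    if len(syns) >= MIN_SYNS:
        half_open = sum(1 for f in syns if not f.ack) / len(syns)
        if half_open >= HALF_OPEN_RATIO:
            findings.add("protocol")

    # 3. Application-layer: completed, well-formed requests, but far too many
    #    per client aimed at the endpoints that cost the most to serve.
    per_src = Counter(f.src for f in flows if f.path in EXPENSIVE)
    if any(n >= APP_RPS_PER_SRC for n in per_src.values()):
        findings.add("application")

    return findings

def sample_windows() -> dict:
    """Constructed windows: a normal sales peak and the three attack shapes."""
    normal = [Flow(f"203.0.113.{i % 50}", 1500, True, True, "/product/42")
              for i in range(200)]                       # 2.4 Mbit/s, all handshakes complete
    syn_flood = [Flow(f"198.51.100.{i % 200}", 60, True, False, None)
                 for i in range(5000)]                   # 5000 SYNs, no ACKs
    volumetric = [Flow(f"192.0.2.{i % 250}", 1_200_000, False, False, None)
                  for i in range(100)]                   # 120 MB in one second = 960 Mbit/s
    app = [Flow("203.0.113.7", 900, True, True, "/search")
           for _ in range(120)]                          # one client, 120 searches/s
    return {"normal": normal, "syn_flood": syn_flood,
            "volumetric": volumetric, "app": app,
            "combined": syn_flood + app}                 # two families in one campaign

if __name__ == "__main__":
    for name, window in sample_windows().items():
        print(f"{name:>10}: {sorted(classify(window)) or 'no attack indicators'}")
```

The "combined" window illustrates the point made above that attackers mix families: the SYN flood and the search flood are detected independently, which is why a defence that only watches bandwidth misses the application-layer half.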

Because the per-minute costs of downtime are so high for e-commerce retailers, they have a powerful incentive to consider paying the ransoms that the criminals behind today’s DDoS attacks frequently demand. DDoS attacks are also sometimes used as a diversion tactic while threat actors steal customer payment card data from other parts of the victims’ network.

How to Stop a DDoS Attack Targeting Retailers

It’s difficult to defend against DDoS attacks that are already in progress if a retailer doesn’t already have protection in place. The most effective defenses against these types of attacks are ones that are put in place before their launch. Therefore, proactive planning is essential.

Major cloud service providers and content delivery networks (CDNs) usually offer one-stop DDoS protection services. These work by distributing inbound traffic across a large, geographically dispersed network of edge servers, so that no single origin server has to absorb the full volume of an attack, and by filtering out attack traffic before it reaches the retailer's own infrastructure.

An increasing number of vendors are offering DDoS mitigation-as-a-service as well. Reliance on third-party service providers is already rising in the retail sector, and there’s good reason for this. A managed security service provider can help a retailer stay abreast of the latest threat data, implement monitoring at all times, and deploy advanced filtering techniques to distinguish between malicious and trusted inbound traffic.

“Trying to combat a DDoS attack with no protection in place is a stress-inducing nightmare that no IT team wants to contemplate during peak season,” says David Holmes of Forrester Research. Instead, advance planning is key.
