Black Friday is prime time for distributed denial-of-service (DDoS) attacks, especially as retail goes online even more than usual in 2020.
Forecasters predict e-commerce sales will soar to new heights this holiday season, increasing by as much as 35% year-over-year. This explosion in online shopping brings new challenges to retailers, including managing logistics and supply chains. It also means that increased cyber threats targeting the retail industry are all but inevitable. While retailers should take measures to secure e-commerce infrastructures all year long, this year’s Black Friday DDoS attacks may be especially challenging if they accompany exceptionally high volumes of normal traffic.
From phishing scams promising a free online gift card to content-scraping bots collecting price and product data on behalf of people making fake items, holiday season cyberattacks on retailers have become an unwelcome annual tradition, and one to watch out for this Black Friday.
Retail at Risk
Though national retail chains and local stores alike have seen a shocking decline in foot traffic over the past few months, overall consumer spending remains strong. In fact, the National Retail Federation forecasts that retail sales during 2020 will increase between 3.5% and 4.1% over 2019’s numbers. This means the retail landscape is in the midst of a seismic shift, with many of the dollars that shoppers previously spent in brick-and-mortar stores instead going toward online purchases.
The volume of distributed denial-of-service attacks usually increases around the holidays as well. But this year may well be worse than most. Over the course of Q1 and Q2 of 2020, DDoS attacks were greater in size, frequency and duration than in previous periods, and record-breaking bits-per-second (BPS) and packets-per-second (PPS) attacks were observed.
Researchers at Kaspersky Labs attribute the spike to the coronavirus pandemic and resulting closures, writing that “the forced migration of many day-to-day activities online led to an increase in potential DDoS targets.”
Due to the growing prevalence of insecure Internet of Things (IoT) devices that can readily be recruited into botnets, and to widespread access to DDoS-as-a-service attack systems, it has never been cheaper or easier for criminals to launch DDoS attacks.
Types of DDoS Attacks Targeting Online Retailers
Broadly speaking, DDoS attacks can take one of three forms, though it’s not uncommon for attackers to combine two or all three attack types into a single campaign.
Volume-based attacks employ botnets to generate huge volumes of traffic. These DDoS attacks exhaust all of the target's bandwidth, making it impossible for real traffic to reach the target.
Protocol attacks send floods of malicious communication requests to servers and network infrastructure like firewalls and load balancers, consuming enough resources to disrupt their operation.
Application-layer attacks send legitimate-seeming requests to a web server or application. These requests then trigger processes that consume excess disk space or memory until the targeted service goes down.
Because the per-minute costs of downtime are so high for e-commerce retailers, they have a powerful incentive to consider paying the ransoms that the criminals behind today’s DDoS attacks frequently demand. DDoS attacks are also sometimes used as a diversion tactic while threat actors steal customer payment card data from other parts of the victims’ network.
How to Stop a DDoS Attack Targeting Retailers
It’s difficult to defend against DDoS attacks that are already in progress if a retailer doesn’t already have protection in place. The most effective defenses against these types of attacks are ones that are put in place before their launch. Therefore, proactive planning is essential.
Major cloud service providers or content delivery networks (CDNs) usually offer one-stop DDoS protection services. These include preventative load balancing, which automatically distributes traffic across a large-scale network of servers. This keeps the traffic from crashing the target of the attack.
An increasing number of vendors are offering DDoS mitigation-as-a-service as well. Reliance on third-party service providers is already rising in the retail sector, and there’s good reason for this. A managed security service provider can help a retailer stay abreast of the latest threat data, implement monitoring at all times, and deploy advanced filtering techniques to distinguish between malicious and trusted inbound traffic.
“Trying to combat a DDoS attack with no protection in place is a stress-inducing nightmare that no IT team wants to contemplate during peak season,” says David Holmes of Forrester Research. Instead, advance planning is key.