Distributed denial of service (DDoS) attacks reached their highest levels in November on two of the busiest online trading days of the year, statistics show.
On Black Friday, DDoS protection provider Link11 saw DDoS attacks on e-commerce providers increase by more than 70% compared with other days in November. On Cyber Monday, attacks increased by 109% compared with the November average.
Several attacks observed during Black Friday and Cyber Monday reached up to 100 Gbps, with the average attack on both days just under 6 Gbps, compared with an average of 4.6 Gbps for the months of July to September, which represented a 40% increase compared with the previous quarter.
According to Link11, attacks approaching 6 Gbps “far exceed” the capacity of most websites. In the light of that fact, Link11 is warning online merchants, payment providers and logistics companies to expect further large-scale DDoS attacks in the run-up to the Christmas break.
Marc Wilczek, managing director of Link11, said the e-commerce industry has high expectations of the Christmas trading period. “Both criminals and competitors will take this as an opportunity to cause disruption to or extort the e-commerce industry.
“The growing ‘cybercrime-as-a-service’ sector favours this development. Online retailers should take action now to strengthen their IT security defences against DDoS attacks, in advance,” he said.
To ensure they are better protected against DDoS attacks, which could see them out of business for hours and even days, e-commerce providers can either invest in expanding their infrastructure to absorb peak loads with their own resources or deploy an adaptable cloud defence system.
If e-commerce providers choose the first option, they risk DDoS attackers being able to deliver ever greater attacks to overwhelm services, putting companies with online infrastructures that offer delivery and/or payment processing services at risk of DDoS incidents in the run-up to the Christmas holiday.
“Forward-looking companies will benefit from investing in scalable, cloud-based protection solutions to counteract targeted overloads caused by DDoS attacks. Information about website and server failures spreads quickly across social platforms as well as complaints about long loading times. All this can contribute to further revenue losses and long-term reputational damage,” said Wilczek.
Research by German industry association Bitkom found that cyber attacks cost retailers an average of 185,000, including the costs of IT repair, loss of sales revenue and reputational damage to the business.
According to Bitkom, IT repairs typically cost 13,000, while 18,500 is the average cost of enlisting a team of specialist internet providers to restore the business’s online operations, the loss of sales over 48 hours is typically 135,000, and the value of funding reputational damage limitation measures such as a public relations and marketing campaign is around 18,500.
In April 2018, a survey of more than 300 security professionals worldwide found that the majority of respondents cited the loss of customer trust and confidence, the risk of intellectual theft and the threat of malware infection as the most damaging effects on business arising from DDoS attacks, with 78% identifying the loss of customer trust and confidence as the single most damaging effect on business of DDoS attacks.
Any online business or application is vulnerable to DDoS attacks, according to Harshil Parikh, director of security at software-as-a-service platform firm Medallia.
However, there are ways of detecting and mitigating DDoS attacks that any business dependent on the internet can and should use, he told the Isaca CSX Europe 2017 conference in London.
It is important that such organisations take time and effort to build their DDoS defence capabilities, he said, because DDoS attacks are fairly easy and cheap for attackers to carry out.
“With the advent of botnet-based DDoS attack services that will be effective against most companies, anyone can target an organisation for just a few bitcoins,” said Parikh. “Competitors and even disgruntled employees are able to carry out DDoS attacks that can result in loss of reputation as well as lost business worth a lot more than the attacks cost,” he said.