How E-Commerce Retailers Can Thwart Black Friday DDoS Attacks
Online retailers are planning for a big Black Friday – but so are cybercriminals. In this article, Link11’s Security Operations Center describes how retailers can keep their websites safe.
Black Friday and Cyber Monday are highlights on every retailer’s calendar, and this year consumers across Europe are expected to spend record amounts – especially in the UK. Research published by Statista predicts that UK shoppers will spend over £7.5 billion between November 27th and 30th. This may be the highest spending in Europe, nearly 21% more than in Germany (£5.9 billion, the second-highest) and more than the combined sales in France, Spain, the Netherlands, and Belgium.
Warnings of cybercrime during Black Friday period
But retailers and consumers aren’t the only ones preparing for Black Friday weekend. Cybercriminals are getting ready to snatch their share of the spending using extortion and blackmail techniques to target online sellers. As a cautionary measure, the British National Cyber Security Centre issued a retail security alert ahead of Black Friday sales. The German Federal Office for Information Security (BSI) also publishes regular warnings that "on high-turnover days in the e-commerce sector, the dangers posed by DDoS attacks are particularly high."*
The motives behind these attacks range from senseless vandalism to blackmail and eliminating competition. Whatever the motive, the results will be the same: retailers that can’t defend their websites and systems against DDoS attacks risk losing both revenue and reputation during this lucrative shopping period. A website taken offline by an attack will be a revenue-loser because customers will shop elsewhere, possibly leading to long-term brand damage. This is why retailers fear DDoS blackmail.
Shopping for DDoS attacks
Making matters worse, cyberattacks are relatively easy for criminals to procure. Almost anyone with the means to pay (usually with stolen credit card details) can order a DDoS attack capable of taking down even a major e-commerce site. DDoS-for-hire services offer attacks of over 10 gigabits per second (the average business has an Internet connection of less than 100 megabits per second) for a modest fee (around $10 per hour for an attack).
In the past few months, the Link11 Security Operations Center has registered an increase in large-volume DDoS attacks. Since the issue of the Link11 DDoS Report, attacks of several tens or even hundreds of Gbps have become the new normal and are no longer the exception. The average attack bandwidth remains high, at 4.1 Gbps.
It’s worth noting that during busy periods, it’s not necessary to launch a large-scale attack to overload and crash a website. The volume of ordinary traffic alone can result in long page-loading times, timeouts, and error messages, even without malicious interventions. As such, an attack with a bandwidth of just a few Gbps can be enough to cripple a site.
Defending against DDoS
Because it’s easier for criminals to launch damaging attacks, retailers are increasingly challenged to identify and put in place resources to successfully ward off those attacks. Conventional best practices for doing this include:
- Calculating projected web traffic increases through internal coordination between IT and sales
- Assessing possible risks with internal and external service providers
- Creating and deploying monitoring resources
- Configuring and performing website load tests
- Outsourcing static content to content-delivery networks
- Disabling personalized content on popular shopping days
- Finding and remedying IT bottlenecks
- Temporarily expanding web infrastructure
However, these measures are time-consuming and costly to plan and implement. Also, deploying additional bandwidth often results in an ‘arms race’ between businesses and criminals – and the criminals usually win, simply because they can scale their attacks far more rapidly than businesses can scale their traditional defences.
As a result, retailers that want to avoid Black Friday weekend blackouts should concentrate less on expanding their bandwidth and server capacities, and more on preventive security measures based on always available, massively scalable, cloud-based DDoS protection. This approach reroutes all traffic headed for the organization’s website to an external, cloud-based protection service. This ensures that the website only receives legitimate and clean IP traffic. This approach nullifies potential attacks before they can impact the retailer’s e-commerce operation – and ensures they’ll have a successful Black Friday weekend without DDoS-induced blackouts.
- Total value of sales during Black Friday and Cyber Monday in selected European countries from 2018 to 2019, with a forecast for 2020, Statista, November 2020
- The Situation of IT Security in Germany 2019, BSI, October 2019