Since the shopping event began in the USA, Black Friday has spread all over the world. The popular shopping day originated in Philadelphia in the 1950s. On the day after Thanksgiving, there was huge traffic chaos around the annual football game between the Army and Navy. However, many spectators used the day off not only to cheer on their team, but also to do their Christmas shopping.
After sales on Black Friday had risen to unexpected heights for years, especially in online retail, a decrease in online retail sales figures was observed for the first time in the USA in 2021. Many experts have assumed that sales will also be lower than in previous years for this year’s Black Friday and the start of the Christmas shopping season due to high inflation rates and weaker economic data.
According to various sources, Black Friday sales in 2022 were approximately eight to nine billion dollars in the U.S. and around 40 billion dollars globally. Overall, online sales in the pre-Christmas season, which kicks off with Black Friday, are down four percent globally compared to 2021.
Despite the drop in sales, Black Friday 2022 data from 5,400 retailers in 60 countries from commerce media platform Criteo shows that online transactions have increased. More online transactions also mean more risk. Millions of pounds, euros and dollars change hands through these e-commerce transactions, and not only on Black Friday. This raises the appetite of cybercriminals, and online commerce provides them with several attack surfaces.
On the one hand, personal information, credit card numbers or other payment data are processed, and on the other, distributed denial of service (DDoS) attacks and malicious bots can massively limit online sales and customer satisfaction.
Online retailers face a constant threat, but the risk of cyberattacks grows steadily around major shopping events such as Black Friday and during the holiday shopping season. The downtime caused by DDoS attacks, in addition to website problems, can lead to reputational damage and severe revenue losses. For online retailers who rely on the performance and availability of their websites, this is a serious threat.
Measured against other reports, online retailers experienced rather calm waters this year. This trend has also been evident in the Link11 network: the number of DDoS attacks registered by the Link11 Security Operations Center (LSOC) around the global shopping event was at a significantly lower level compared to last year.
In addition, the duration of the attacks decreased significantly compared to the previous year. While DDoS attacks lasted an average of 6 seconds this year, the average attack duration in 2021 was still around 14 seconds. The Link11 DDoS-Report for the first half of 2022 already showed a trend towards particularly short, but very intense attacks.
One reason for the very short attacks is their poor prospects of success. If attackers realize within a very short time that they will not achieve their goal, they usually withdraw. This allows them to conserve resources and turn their attention to targets that are less well protected.
It is striking that the average number of attack vectors in DDoS attacks in 2022 doubled compared to the same period last year. The attacks around Black Friday in 2021 used an average of two attack vectors. This year, that number has increased to an average of four attack vectors.
Increasingly, attackers are trying to overwhelm their victims’ defenses with a variety of different vectors at once. By itself, the use of different attack vectors in so-called multi-vector attacks is not new. However, DDoS attacks registered on the Link11 network used significantly more different attack vectors in a very short period of time than last year.
Many online retailers still try to keep their websites stable and functional with the help of “code freezing”. Code freezing comes with several disadvantages, such as artificial deadlines, increased downtime, more complex roadmaps, and interrupted workflows for developers.
Although code-freezing techniques are increasingly outdated, they are still used. Code freezing does not protect against the intense and complex attacks we have seen on the Link11 network. Buyers and shoppers expect their favorite online store to always be accessible. For every e-commerce owner, it is also true that the costs of an outage can quickly run into the millions, depending on the size of the online store.
It is therefore crucial to effectively manage the risk and be adequately prepared for a DDoS emergency.