DDoS Attacks on E-commerce Providers Ramp Up over 70% on Black Friday, and by 109% on Cyber Monday, shows Link11 Data

Cybercrime stress test for e-commerce on Black Friday and Cyber Monday. DDoS attacks can put online retailers, payment service providers and logistics companies under pressure in the coming Christmas season.

On Black Friday, Link11’s Security Operations Centre saw DDoS attacks on e-commerce providers increase by over 70% compared with other days in November. On Cyber Monday, attacks increased by 109% compared with the November average.

Several attacks observed during Black Friday and Cyber Monday were of up to 100 Gbps bandwidth, and the average attack volume on both days was just under 6Gbps.  In Q3 2018, the average attack volume observed by Link11 was 4.6 Gbps.  According to Link11, attack volumes approaching 6Gbps far exceed the capacity of most websites.  As such, Link11 is warning online merchants, payment providers and logistics companies to anticipate further large-scale DDoS attacks in the run-up to the Christmas break.

Marc Wilczek, Managing Director of Link11 said: “The e-commerce industry has high expectations of the Christmas trading period, and both criminals and competitors will take this as an opportunity to cause disruption to or extort the e-commerce industry. The growing ‘cybercrime-as-a-service’ sector favours this development. Online retailers should take action now to strengthen their IT security defences against DDoS attacks, in advance.”

E-commerce providers have two options to protect their websites and infrastructure against DDoS attacks. They can invest in expanding their infrastructure to absorb peak loads with their own resources:  however, DDoS attackers are usually one step ahead of their victims in terms of being able to deliver large-scale attacks to overwhelm services.

So as DDoS attackers find more ways to exploit vulnerabilities in online platforms due in part to the accessibility of DDoS for hire platforms, e-commerce providers are advised to deploy an adaptable cloud defence system to thwart DDoS attacks. Companies with online infrastructures that offer delivery and or payment processing services are particularly at risk from DDoS incidents in the run-up to the Christmas holiday.

Marc Wilczek added: “Forward-looking companies will benefit from investing in scalable, cloud-based protection solutions in order to counteract targeted overload attempts caused by DDoS attacks. Information about website and server failures spreads quickly across social platforms as well as complaints about long loading times. All this can contribute to further revenue losses and long-term reputational damage”.

Research by German industry association, Bitkom found that cyber-attacks cost retailers an average of €185,000, comprising the costs of IT repair, loss of sales revenue and reputational damage to the business:

• €13,000 – Cost of IT repairs and troubleshooting
• €18,500 – Enlisting a team of specialist Internet provider to restore the business’s online operations
• €135,000 – Loss of sales over 48 hours
• €18,500 – The value of funding reputational damage limitation measures such as a public relations and marketing campaign

Even if the IT team manages to block an attack just a few minutes after its occurrence, downstream infrastructure connections are then already interrupted. It can take several hours to restore availability, which then again results in increased costs.

For many entrepreneurs, these figures are a nightmare scenario and a financial catastrophe. Therefore, it is vital for companies to have proactive protection against DDoS attacks in place that automatically blocks attacks without interrupting the business.