Companies were faced with a flood of DDoS attacks, which have now exceeded the terabit barrier
The Black Friday weekend didn’t only attract bargain hunters to the Internet. Research from IT security provider, Link11 shows that cybercriminals also tried to take advantage of the opportunity. According to analysis by the Link11 Security Operations Center (LSOC), cybercriminals targeted companies with DDoS attacks to damage them or extort bitcoin. However, the number of attacks this year was even higher than expected and set worrying records.
Ahead of Cyber Weekend, Action Fraud, the UK’s national reporting centre for fraud and cybercrime, released a report warning online shoppers that over 28,000 people were conned out of their money in 2020. In total more than £2.5 million was lost to cyber criminals during the same period last year with an average loss of almost £550 per victim.
During the Black Friday and Cyber Monday weekend, LSOC recorded increased DDoS attack activity across its global network. However, attacks were particularly frequent on Black Friday and Cyber Monday. In this case, the increase in the number of DDoS attacks compared to the previous year was over 200%. In addition to e-commerce providers, payment service providers and logistics companies, the attackers often targeted hosting and cloud providers as well as ISPs that provide the digital infrastructure for online business.
For applications, online services and networks that generally experience high load peaks, even relatively small DDoS attacks are enough to result in overload. To economize their resources, attackers therefore usually refrain from oversized attacks and choose their strikes to be as small as possible.
However, over the cyber weekend, LSOC recorded a bandwidth record of 1.1 Tbps. The attack volume of the botnet attack that targeted a hosting provider in Germany on Sunday was generated via a UDP flood alone. If the perpetrators had additionally used amplification techniques such as DNS or CLDAP reflection amplification, the attack volume would have been significantly higher again. The so-called amplification factor for these very frequently used DDoS vectors is 54 for DNS and up to 70 for CLDAP.
The record attack was accompanied by numerous hyper-attacks. Bandwidth peaks of over 100 Gbps were recorded in 20 other attacks over the cyber weekend.
Rolf Gierhard, Vice President Marketing at Link11: “The figures from our network send a clear message. Instead of Cyber Weekend, it should be called Cybercrime Weekend. DDoS attacks during seasonal shopping events are already the norm. Therefore, we cannot give the all-clear for the coming weeks of digital Christmas shopping.”
For online retailers who want to benefit from the sales peaks in a fail-safe manner, it is best to invest in scalable, cloud-based protection solutions that can withstand attacks in the terabit range. This keeps the focus on the core business and the online store team is not burdened with additional emergency measures.