valentines-day-retail_web-24.jpg

Valentine’s Day: DDoS Attackers to Threaten Online Retailers

Threat Landscape

Valentine’s Day: DDoS Attackers to Threaten Online Retailers

Valentine’s Day has become an important sales driver for retailers. Increasing numbers of people are buying their gifts online. In recent years, the numbers of shoppers choosing to shop online has risen to 40%. According to forecasts, e-commerce sales for this year’s Valentine’s Day will again set new records. The COVID-19 pandemic, which has led to the closure of large parts of brick-and-mortar retail in many countries, will further boost this growth. As a result, a benefit is good business for online stores. But the Link11 Security Operations Center calls for caution: cybercriminals could spoil their business with DDoS attacks.

More and more people are buying flowers or gifts online for Valentine’s Day. To get through this seasonal shopping peak unscathed, online retailer should effectively prepare their own technical infrastructure. Optimizing websites, logistics, supply chains, and payment options should also be scrutinized with the focus on the shopping peak. The increase in online shopping also means increased demands on IT security. In addition to cyber risks such as credit card fraud, malware attacks, and bad bots, DDoS attacks can become a danger in 2021 if they come with high attack volumes or high duration. The motive behind these attacks is often cyber extortion. The perpetrators send their demands by e-mail and use the attacks to foretaste what will follow if the victim does not pay.

As website traffic increases, so do attack risks

The volume of visitors to stores usually increases steadily from the beginning of February and reaches its peak on February 12 and 13. This makes websites vulnerable to attack – especially DDoS attacks. The already high load peaks in an online store’s data traffic are driven up even further by the manipulated data flood of the attacks. Unfiltered, this extra data traffic jams the already thin bandwidth or overloads web applications such as product search or interfaces to process payment transactions in online stores. This prevents order processes from being completed or payments from being made. The worst case is that the plug is pulled on the store, literally, and it is no longer accessible meaning lost revenue and unhappy customers.

valentine day teaser 1200px

Download Infographic

Such disruptions or outages do not necessarily require DDoS attacks of several 100 Gbps, such as those regularly registered by the Link11 Security Operation Center as part of its network monitoring and DDoS defense for online retailers and payment providers. Even relatively small attacks of several dozen Gbps can overload a store’s IT infrastructure. Equally feared are long-lasting attacks, which – as incidents from recent months have shown – can last up to 95 hours. No online retailer wants to face such long downtimes.

How DDoS attacks can be stopped

Even in normal shopping times, it is a significant challenge for store operators to defend themselves against such attacks if they do not have adequate protection in place. Under Valentine’s Day’s special challenges, specifically the rise in traffic, this situation threatens to become even more stressful. Defense is much easier and less likely to be compromised if protective measures have been put in place in advance. The best place to start is usually the hosting provider where the store infrastructure is hosted. The providers mostly have one or more DDoS protection solutions they can provide to the e-commerce customer. Since the hosting provider knows its customers and their technical requirements well, he can provide protection quickly and in a customized protection. In addition, help can be sought from specialized DDoS protection solutions providers. These usually work in partnership with the hosting providers anyway.

If doubts arise as to whether protecting one’s own store against such impending threats is sufficient, now is still the perfect time to act. A discussion with the hosting provider or IT security experts from a solution provider can quickly clarify where improvements in the infrastructure and defense make sense.

Get protected