Holiday shopping DDoS attacks are nothing new.
Back in 2009, a DDoS attack on a major DNS provider took some of the web’s biggest online stores offline. The websites for Amazon and Wal-Mart were both taken down for an hour at the peak of the holiday shopping season on December 23rd. UltraDNS, owned by Neustar, said the effects of the attack were mainly limited to California users trying to access those websites, because of their proximity to Neustar’s facilities in Palo Alto and San Jose, which were the target of the attack.
Small retailers are often the most exposed during this period, as the cost of cybersecurity defence systems means they frequently lack the protections of their bigger competitors. Downtime can affect a small company’s bottom line and reputation far more significantly than it does a larger retailer’s, potentially leading all the way to bankruptcy.
Some DDoS effects can be inadvertent, with websites crashed by high demand from legitimate shoppers. Target’s launch of the Missoni shopping line in 2013 was described at the time as a “poster child for a legitimate oversubscription DoS,” by Adam Powers, CTO of cybersecurity firm Lancope, who said that high demand for Missoni merchandise had “brought” Target “to its knees.” Organizations should check their bandwidth to ensure they can handle increased network traffic at peak shopping times. Flexible hosting or cloud sites can be used temporarily to add capacity and prevent an inadvertent holiday DDoS.
Kaspersky Lab’s latest IT Security Economics Report reported a 16% increase in cyberattacks involving DDoS and vulnerabilities in point-of-sale (POS) systems across 2017. Kaspersky noted that the holiday sales season is a particularly attractive period for launching smokescreen DDoS attacks, as more shoppers go online (or in-store) than usual. Ransom Denial of Service (RDoS) attacks peak, as do smokescreen DDoS attacks, which create a distraction while hackers attempt to steal customer information and/or money.
“Given this year’s apparent increase in these types of attacks, we recommend businesses – retailers in particular – to stay alert during the holiday season, when there are more risks of cybercriminals cashing-out through the exploitation of payment systems or attacks that use DDoS,” said Alessio Aceti, Head of the Enterprise Business division at Kaspersky Lab. “These can involve cybercriminals demanding a ransom, or simply preventing an organization from trading, making them lose income and clients as a result. But apart from the obvious risks, this is also a good opportunity for businesses to think about their protection in general, by developing their cybersecurity culture and investing in the right technologies.”