Wednesday, 20th February 2019

DDoS attacks on e-commerce providers ramp up over 70% on Black Friday, and by 109% on Cyber Monday

Data shows dramatic surge in DDoS incidents against e-commerce firms over critical online shopping days in November: Link11 warns of further attacks in approach to Christmas.

Link11, the cloud anti-DDoS protection, has released data showing DDoS attacks were at their highest levels in November on two of the busiest online trading days of the year. On Black Friday, Link11’s Security Operations Centre saw DDoS attacks on e-commerce providers increase by over 70% compared with other days in November. On Cyber Monday, attacks increased by 109% compared with the November average.

Several attacks observed during Black Friday and Cyber Monday were of up to 100 Gbps bandwidth, and the average attack volume on both days was just under 6Gbps. In Q3 2018, the average attack volume observed by Link11 was 4.6 Gbps. According to Link11, attack volumes approaching 6Gbps far exceed the capacity of most websites. As such, Link11 is warning online merchants, payment providers and logistics companies to anticipate further large-scale DDoS attacks in the run-up to the Christmas break.

Marc Wilczek, Managing Director of Link11 says: "The e-commerce industry has high expectations of the Christmas trading period, and both criminals and competitors will take this as an opportunity to cause disruption to or extort the e-commerce industry. The growing ‘cybercrime-as-a-service’ sector favours this development. Online retailers should take action now to strengthen their IT security defences against DDoS attacks, in advance."

E-commerce providers have two options to protect their websites and infrastructure against DDoS attacks. They can invest in expanding their infrastructure to absorb peak loads with their own resources: however, DDoS attackers are usually one step ahead of their victims in being able to deliver large-scale attacks to overwhelm services.

So as DDoS attackers find more ways to exploit vulnerabilities in online platforms due in part to the accessibility of DDoS for hire platforms, e-commerce providers are advised to deploy an adaptable cloud defence system to thwart DDoS attacks. Companies with online infrastructures that offer delivery and or payment processing services are particularly at risk from DDoS incidents in the run-up to the Christmas holiday.

Marc Wilczek adds: "Forward-looking companies will benefit from investing in scalable, cloud-based protection solutions in order to counteract targeted overloads caused by DDoS attacks. Information about website and server failures spreads quickly across social platforms as well as complaints about long loading times. All this can contribute to further revenue losses and long-term reputational damage".

Research by German industry association, Bitkomfound that cyber-attacks cost retailers an average of €185,000, comprising the costs of IT repair, loss of sales revenue and reputational damage to the business:

·€13,000 – Cost of IT repairs and troubleshooting

·€18,500 – Enlisting a team of specialist Internet provider to restore the business’s online operations

·€135,000 – Loss of sales over 48 hours

·€18,500 – The value of funding reputational damage limitation measures such as a public relations and marketing campaign

CrowdStrike reveals the adversaries with the fastest breakout time.
Venafi and nCipher Security have formed a new technology partnership and integration. The integrated...
Pulse Secure has announced the integration of SDP (Software Defined Perimeter) architecture within i...
SaRA Health, a cutting-edge healthcare technology startup company, has chosen Armor’s managed securi...
Balbix Inc., provider of the security industry’s first system built for avoiding breaches, has relea...
Association establishes first-of-its-kind Professional Development Institute to extend training offe...
44% of decision makers are spending a day each week dealing with cybersecurity issues.
Proof of concept lays a foundation for quantum-resistant digital certificates for IoT devices.