Several attacks observed during Black Friday and Cyber Monday were of up to 100 Gbps bandwidth, and the average attack volume on both days was just under 6Gbps. In Q3 2018, the average attack volume observed by Link11 was 4.6 Gbps. According to Link11, attack volumes approaching 6Gbps far exceed the capacity of most websites. As such, Link11 is warning online merchants, payment providers and logistics companies to anticipate further large-scale DDoS attacks in the run-up to the Christmas break.
Marc Wilczek, Managing Director of Link11 says: "The e-commerce industry has high expectations of the Christmas trading period, and both criminals and competitors will take this as an opportunity to cause disruption to or extort the e-commerce industry. The growing ‘cybercrime-as-a-service’ sector favours this development. Online retailers should take action now to strengthen their IT security defences against DDoS attacks, in advance."
E-commerce providers have two options to protect their websites and infrastructure against DDoS attacks. They can invest in expanding their infrastructure to absorb peak loads with their own resources: however, DDoS attackers are usually one step ahead of their victims in being able to deliver large-scale attacks to overwhelm services.
So as DDoS attackers find more ways to exploit vulnerabilities in online platforms due in part to the accessibility of DDoS for hire platforms, e-commerce providers are advised to deploy an adaptable cloud defence system to thwart DDoS attacks. Companies with online infrastructures that offer delivery and or payment processing services are particularly at risk from DDoS incidents in the run-up to the Christmas holiday.
Marc Wilczek adds: "Forward-looking companies will benefit from investing in scalable, cloud-based protection solutions in order to counteract targeted overloads caused by DDoS attacks. Information about website and server failures spreads quickly across social platforms as well as complaints about long loading times. All this can contribute to further revenue losses and long-term reputational damage".
Research by German industry association, Bitkomfound that cyber-attacks cost retailers an average of €185,000, comprising the costs of IT repair, loss of sales revenue and reputational damage to the business:
·€13,000 – Cost of IT repairs and troubleshooting
·€18,500 – Enlisting a team of specialist Internet provider to restore the business’s online operations
·€135,000 – Loss of sales over 48 hours
·€18,500 – The value of funding reputational damage limitation measures such as a public relations and marketing campaign