The most vulnerable industries

30 June 2021

According to statistics collected during 2019-2021 by StormWall specialists, companies from the following areas are at risk of being attacked:

  • Online commerce, retail;
  • Fintech services;
  • Telecommunication companies.

Why are these industries targeted by hackers, what technologies are the attackers using, and how can you defend against a potential attack if you work in one of these business areas? Ramil Khantimirov, CEO and founder of StormWall, talks about the most vulnerable industries.

Online Retail

The number of DDoS attacks on online retail has grown by 400% this year compared to last year, with attacks mainly used in unfair competition and for extortion of money.

2020, as expected, was the richest year for hacking (so far). This is due to several factors: both the long-term trend towards an increase in the number of such crimes, and the Covid lockdown — consumers went online and began to buy more in online stores.

According to Ramil, attacks can be divided into several types based on the goals of the cybercriminals:

  • Stealing user data;
  • “Commercial” DDoS attacks on online stores for ransom;
  • DDoS attacks on websites, infrastructure and internal systems made for the sake of unfair competition;
  • Launching ransomware viruses.

Although public attention is usually riveted on large data leaks and attacks on world-famous services, small and medium-sized businesses suffer most from hacker threats. According to statistics for 2019-2020, within six months, up to 2/3 of all small and medium-sized e-com businesses face problems in the field of IT security. These problems can be caused by any of the attacks listed above: DDoS, data leakage, encryption of critical information. This is why 85% of small businesses plan to increase their IT security spending (according to a poll in 2020). Ultimately, due to the growing pressure on the already small budgets of such businesses, small and medium-sized enterprises run the risk of leaving the market for good.

Fintech services

The share of DDoS attacks on banks and financial institutions increased by 27% in 2020 compared to the previous year. The main reason for attacks on the financial sector was data theft; personal data of users and bank card data were of the greatest interest to hackers. Over the past year, more than $2 million in bitcoins were paid to the addresses of cybercriminals who attacked various financial services. An interesting fact: according to surveys of top managers of various kinds of financial services, 85% of them claimed that their infrastructure is safe. However, in fact, every third respondent was subsequently successfully attacked over the next year.

To be closer to their user base, many banks are introducing cloud services into their infrastructure, as well as creating web versions of personal accounts and online applications. Such solutions greatly increase customer focus, but negatively affect data security, which attackers in turn exploit. According to the founder of StormWall, the deployment of client applications itself has created multiple entry points for cyber attacks. Attackers are motivated by gaining access to information on credit cards, gaining control over users' finances, making money transfers, and stealing personal data.

Such hacker activity can be accompanied by DDoS attacks meant to distract the attention and resources of IT professionals from the data leak. Another emerging trend associated with this type of attack is the blackmailing of companies by leaking sensitive data online. Cybercriminals choose information disclosure tactics when companies have backups of all lost or encrypted data.

Telecom

The number of DDoS attacks on the telecommunications industry increased by 35% compared to the previous year. The significant growth is explained by noticeably increased competition in this market: with the transition to home offices, customers' requirements for the continuity of Internet access increased, as did the criticality of this infrastructure, and competitors took advantage of this in their unfair competition for the market.

Ramil Khantimirov also notes that telecom very often comes under attack indirectly, when DDoS attacks hit the websites of online stores and online services. Recently, botnet rental services for DDoS attacks, whose capacity can reach 400-500 Gbps, have become available to anyone on the black market. Such a load is enough to overwhelm not only the victim's servers, but also the IT infrastructure of the numerous ISPs standing between the victim and the attacking botnet.

Along with known types of attacks, researchers from SIDN Labs (.nl domain zone), InternetNZ (.nz domain zone) and the Institute of Information Sciences of the University of Southern California described a new network vulnerability, tsuNAME, that could be exploited by attackers. The essence of the attack is that authoritative DNS servers are overloaded and disabled by numerous requests resulting from an endless loop. The result of such an attack can be a complete denial of Internet access at the country level.
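
An added example, not part of the original article or of StormWall's tooling: the endless loop behind tsuNAME comes from DNS zones whose NS records depend on each other, so an operator can audit delegation data for zones that can only be resolved through such a cycle. The zone names, the function names and the simplified `glue` parameter are constructed for illustration.

```python
# Added example: flag zones whose NS records depend on each other in a loop.
# All zone names and NS records below are constructed sample data.

def _norm(name):
    return name.rstrip(".").lower()

def enclosing_zone(hostname, zones):
    """Return the longest audited zone that hostname falls under, or None."""
    labels = _norm(hostname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def unresolvable_zones(delegations, glue=()):
    """Return zones whose every NS name can only be reached through the zone
    itself or through other zones in the same situation (cyclic dependency).

    delegations: {zone: [NS hostnames]}
    glue: NS hostnames whose addresses are known independently (simplified).
    """
    deleg = {_norm(z): [_norm(n) for n in ns] for z, ns in delegations.items()}
    glued = {_norm(g) for g in glue}
    resolved, changed = set(), True
    while changed:  # fixpoint: keep going until no new zone becomes resolvable
        changed = False
        for zone, ns_names in deleg.items():
            if zone in resolved:
                continue
            for ns in ns_names:
                home = enclosing_zone(ns, deleg)
                # Usable if glued, hosted outside the audited set (assumed
                # healthy), or hosted in a zone already known to resolve.
                if ns in glued or home is None or home in resolved:
                    resolved.add(zone)
                    changed = True
                    break
    return sorted(set(deleg) - resolved)

SAMPLE = {  # constructed delegation data
    "shop.example": ["ns1.cdn.example", "ns2.cdn.example"],  # depends on cdn
    "cdn.example": ["ns1.shop.example"],                     # depends on shop
    "bank.example": ["ns1.bank.example", "ns.provider.test"],
    "blog.example": ["ns1.shop.example"],                    # behind the cycle
}

if __name__ == "__main__":
    print(unresolvable_zones(SAMPLE))
```

Zones reported here are candidates for a delegation fix before a looping resolver finds them; `blog.example` is flagged even though it is not in the cycle itself, because its only name server sits behind it.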