Experts from StormWall studied DDoS-attacks targeting the online retail industry in Europe. During the research, StormWall collected data from its clients working in multiple e-commerce segments. Experts discovered that during the pandemic, between February and October 2020, the number of DDoS attacks targeted at online retail services quadrupled compared to the same period last year.
The growth in attack number is primarily contributed to the increased competition between online retailers during the global health crisis. Some companies use DDoS attacks to gain an unfair advantage. What’s more, hackers are more frequently targeting businesses to extort money. In e-commerce, an unavailable website may lead to major profit loss. Cybercriminals use website downtime as a leverage, promising to stop the attack and restore the service operation, once the victim company pays the ransom. Additionally, hackers may try to steal personal data from online store’s customers, using the attacks as a diversion.
According to StormWall’s data, between February and October 2020, the number of attacks on online fashion stores increased by 4 times compared to the same period last year. The number of attacks on online electronics stores — by 5 times, and the number of attacks on online furniture stores — by 8 times. Attacks targeting online car product stores grew by 3 times, while attacks aimed at online renovation stores grew by 7 times.
The frequency of DDoS Attacks has been always rising, but the growth rate accelerated dramatically during the pandemic.
StormWall’s experts have pointed out that new types of DDos attacks are appearing in the e-commerce sector in 2020, which suggests that attacks are becoming more sophisticated year by year. While in 2019 the majority of attacks were carried out over the HTTP protocol, the number of attacks over the TCP (20,6%) and UDP (14,1%) protocols significantly increased between February and September 2020, while the attacks over HTTP protocol made up the remaining 65,3% of DDoS campaigns. This may be due to the development of “stressers” market — software, available for purchase by regular users that can generate high number of requests to “test” one’s resources. Furthermore, the number of DDoS attacks over the HTTP protocol has risen by 296% between February and September 2020, compared to the same period last year.
"E-commerce has always been an attractive field to cybercriminals, and during the pandemic, hackers' interest in the sector developed even more. Criminals are actively advancing the methods of DDoS attacks, and retailers are finding it increasingly difficult to defend against them. This is a serious threat. The new trend is that the attackers are attempting to find vulnerabilities that require a small number of requests per second to make a website unavailable. An effective defense system that can shield against this type of campaign needs to have intelligent DDoS protection, like proactive analysis and self-learning." — noted Ramil Khantimirov, the CEO and co-founder of StormWall.