DDoS Attacks on Retail Reach All Time High

The number of hacker attacks on online stores and retailers around the world in Q4 2020 increased by 77% compared to the same period a year ago.

StormWall experts analyzed DDoS attacks targeting various industries in 2020. According to the results of the analysis, experts found that the most attacked industries were entertainment (40.76%), telecommunications (29.27%) and online retail (11.94%). Also during the year, such areas of business as construction (6.26%), finance (4.56%), education (3.61%), services (2.58%) and others (1.02%) were attacked. The number of attacks on online clothing stores increased 5 times, on electronics stores — 7 times, on furniture stores — 10 times. All other e-commerce sectors suffered severe attacks too.

DDoS attacks on retail reach all time high

During the pandemic, e-commerce was booming, and many new flawed online stores were launched in a rush, StormWall experts explain. At the same time powerful tools for organizing DDoS attacks have appeared on the Internet. They are now available to a wide range of unlawful consumers. For instance, the ability to access 400 Gbps attacks launched from real devices costs $500 a week via Telegram. It is often possible to organize such a powerful attack for free — a representative potential buyer and request a test for a few minutes, while an attack is likely to affect not only the “victim” itself, but also several Internet providers on the way to it, leaving thousands of users and online resources without Internet access.

Generally speaking, DDoS attacks can take one of three forms, although it is not uncommon for attackers to combine two or all three types of attacks into a single campaign.

In attacks based on a botnet system to generate huge amounts of traffic. These DDoS attacks exhaust bandwidth, it is impossible for real traffic to reach the target.

Protocol attacks send streams of malicious communication requests to servers and network infrastructure such as firewalls and load balancers, consuming enough resources to disrupt operations.

Application-level attacks appear to be legitimate requests to a web server or application. They then start processes that consume excess disk space or memory until the target service crashes.

Because the per-minute cost of downtime is so high for e-commerce retailers, there is a strong incentive for them to consider paying the ransom payments often demanded by the criminals behind today’s DDoS attacks. DDoS attacks are also sometimes used as a distraction tactic, in which attackers steal customer payment card data from other parts of the victim’s network. Making a website accessible to your customers should be the number one priority for any online store: according to the stats of the russian e-commerce segment, an average loss of an attacked shop per day amounts to about $10 000 (700 000 RUB).

DDoS attacks are also sometimes used as a distraction tactic, while attackers steal customer payment card data from other parts of the victim’s network. Making a website accessible to your customers should be the number one priority for any online store. It is impossible to sell goods without an online store. Fortunately, tools exist to help business owners, website operators, and others defend against DDoS attacks. Web Application Firewall (WAF) can help block malicious traffic from outside your network. This ensures that only filtered traffic from legitimate users passes through.

Cybersecurity experts can also help you keep informed about new and emerging attack methods by offering solutions that continually reflect. This ensures that your website or online service is always available to users. DDoS attacks are one of the most serious threats e-commerce retailers can face. However, by taking the right countermeasures, you can protect yourself from them. Safeguards minimize downtime, avoid disruption to your customers, and save you unnecessary stress and headaches by fending off malicious attacks.