Blog

Retailers Hit Hard By DDoS During COVID-19

Retailers Hit Hard By DDoS During COVID-19

Entrepreneurs have the ability to identify a “pain point” that exists with a particular user experience, and then come up with a solution that remedies it in as seamless a way as possible. Cybercriminals have a similar ability. Only instead of coming up with solutions to challenges people are facing, they seize opportunities to cause even more chaos.

One recent example of this relates to the rise of online shopping during the COVID-19 pandemic. While ecommerce has been an increasingly large part of people’s lives in the past couple of decades, never has it been quite as necessary. During coronavirus lockdowns, it was even relied upon as many were unable to visit brick-and-mortar stores to do their shopping.

With customers increasingly dependent on online shopping, cybercriminals have capitalized on this by ramping up cyberattacks. This includes Distributed Denial of Service (DDoS) attacks. These attacks seek to knock websites or online services offline. This is achieved by bombarding them with enormous amounts of fake traffic, rendering them unable to accept requests from legitimate customers.

Targeted by botnets

While a regular Denial of Service (DoS) attack emanates from one single source, a DDoS attack reflects and amplifies fraudulent requests by using a massive network. Which is called a botnet. This contains hundreds or even thousands of other computers or devices around the world. Usually these have been infected with malware, so the rightful owners may not have any idea what is going on.

The resulting DDoS attacks, coming from a vast network of attackers, can be extremely damaging to targets. Both in terms of both unwanted downtime and dented customer trust.

During the COVID-19 pandemic, the number of DDoS attacks have greatly increased. In some parts of the world, such as Europe, they have increased by around four-fold during 2020. One particular DDoS attack approach involving an HTTP protocol increased an enormous 296% between the months of February and September 2020, compared to the same period in 2019.

Extra pronounced spikes in attacks take place on major holidays. Whether that’s Black Friday and Cyber Monday or the all-important holiday season leading up to New Year.

Attacks are increasing

In some cases, the motivation behind attacks might simply be boredom or troublemaking on the part of attackers. They know that such an attack is likely to cause significant damage. Some other attacks could conceivably result from business feuds. Sometimes, unscrupulous rivals try to tip the balance in their favor by knocking a competitor offline at a crucial juncture. Occasionally the motivation is money. These so-called RDDoS (Ransom Distributed Denial of Service) attacks attempt to extort payments from victims by threatening to hit them with a DDoS attack. Or they initiate such an attack and then charge them money to call it off.

Ecommerce sites can be particularly vulnerable to DDoS attacks. Unless yours is the only website to sell a particular in-demand product (in which case you’re still losing out on potential sales during downtime), customers will simply move elsewhere to purchase an item that they are looking for.

Ecommerce is a highly competitive field, and if one website is unavailable, customers will jump to another. In some cases, DDoS attacks have continued for multiple working days. For businesses that rely on certain windows in the year to make a significant percentage of their profit, this could be devastating.

Furthermore, ecommerce websites may be more prone to seeing spikes in traffic at certain times of year, as with the aforementioned holidays. During these high traffic periods, it wouldn’t take too much of an extra push via fake traffic from a botnet to knock a service offline.

Defending against DDoS

Ensuring site availability for your customers should be priority number one for any online retailer. Without an online storefront, there’s no way to sell products. Fortunately, the tools exist to help company owners, website operators, and others defend against DDoS attacks.

A Web Application Firewall (WAF) can help block malicious traffic from outside your network. This ensures only filtered traffic from legitimate users gets through. Cybersecurity experts can also help you keep on top of new and emerging methods of attack, offering solutions that constantly reflect (and can help defend against) the latest ways cybercriminals may leverage DDoS to attack targets.

In addition, if you are the target of a DDoS attack, they can help absorb various attacks of considerable size and duration. This ensures that your website or online service remain available to users at all times.

DDoS attacks are one of the nastiest threats ecommerce retailers can face. However, by adopting the right countermeasures, you can safeguard against them. Safeguards minimize downtime, avoid disruption for your customers, and save you unnecessary stress and headaches fending off attackers.