Cyber Monday (November 28, 2016) follows the Thanksgiving holiday weekend here in the U.S. If the past is any indication, hackers will most likely strike again at one or more major retail sites. Most of the time, Cyber Monday attacks have taken the form of phishing scams and theft of data such as credit card numbers and email addresses. There have not been many major distributed denial of service (DDoS) attacks on Cyber Monday, but given the way DDoS attack trends are going, there is still reason for concern.
It’s highly possible that an online retailer could become a victim of a large, volumetric DDoS attack. The technology to launch DDoS attacks is cheap and widely available to hackers. IT security staff at online retailers should therefore ask themselves this question: can they distinguish a good spike in web traffic from a bad spike (a DDoS attack)? Retailers hope to see massive spikes in traffic to their websites because of holiday promotions. However, a spike in traffic could also be caused by a volumetric DDoS attack. The problem is that legacy DDoS mitigation solutions, such as cloud-scrubbing services, are not very good at discerning exactly what is “bad” traffic.
In addition to fending off large, volumetric attacks, online retailers should also be on the lookout for low-threshold, sub-saturating DDoS attacks, because those often serve as a smokescreen for a security breach, such as data theft or the installation of malware or ransomware. However, it’s those smaller attacks that go unnoticed by legacy DDoS mitigation solutions. In a sub-saturating attack, hackers can take down the target’s assets while leaving Internet connectivity in place. Even if a small attack does trigger a legacy DDoS scrubbing solution, the attack is usually over before that scrubbing even activates, which usually takes 10-30 minutes.
So what can online retailers do to prevent small or large DDoS attacks from hitting their networks? Install an inline, automated DDoS protection solution. If that’s not possible, retailers should ask their Internet Service Provider (ISP) whether it offers DDoS protection as a service. Many ISPs now offer this protection to their customers, so it’s worth inquiring.
For more information, contact us.