Black Friday and Cyber Monday – Prime Time for Cyber Crime

Black Friday and Cyber Monday are just around the corner, and while holiday shoppers are making their lists and checking them twice, no doubt cyber criminals are making their own lists—of e-commerce sites to target. Holiday shoppers traditionally hit both online and brick-and-mortar stores on Black Friday (the day after Thanksgiving) and shop through to Cyber Monday. According to a National Retail Federation survey, 75 million people are expected to shop online on Cyber Monday to take advantage of online bargains. According to, shoppers spent $3.36 billion on Cyber Monday 2017, up from $2.67 billion in 2016. Retailers generally make anywhere from 30-50% of their annual profits during the holiday season.

E-commerce sites are popular targets for cyber criminals, so retailers should ensure they have the latest protection against targeted attacks that can lead to malware and data infiltrations in their networks. Theft of sensitive data (credit/debit card numbers, email addresses, financial accounts, etc.) is a major concern for IT security staff at retail companies. For eye-popping statistics on the number of data breaches each month, check out the most recent Identity Theft Research Center monthly summary report, and notice that businesses had the highest number of breaches compared to other sectors. Consumers rely on retailers to protect their data, so it’s incumbent upon retailers to protect their payment card infrastructure and deploy appropriate defenses at the perimeter of the data center.

To help protect their networks from theft of sensitive data, companies should be sure to have effective protection from distributed denial of service (DDoS) attacks. It’s not a matter of if a retailer will experience a DDoS attack, it’s a matter of when. Though there are dozens of types of DDoS attacks, basically they fall into two categories:

  1. Volumetric DDoS attacks can affect website availability/service by sending a high volume of traffic, or request packets, to the target network in an effort to overwhelm its bandwidth capabilities. Such attacks can crash a website, which would obviously cause customer attrition, loss of revenue and brand damage. How much would it cost a company if no web transactions could take place for 4 hours? 8 hours? A full day? During the holiday season, the loss of revenue could be devastating.
  2. Low volume, short duration DDoS attacks often serve as a smokescreen for a security breach such as data theft, or installation of malware or ransomware. In a sub-saturating attack, hackers can take down the target’s assets while leaving Internet connectivity in place.

Although an online retailer could become the victim of a large, volumetric DDoS attack, cyber criminals generally prefer to make money by stealing sensitive data. Our 2018 DDoS Trends research indicates that 94% of DDoS attacks are 5Gbps or less, with these smaller attacks often being used as part of targeted efforts to steal sensitive data. Small attacks often go undetected by legacy DDoS mitigation solutions. Even if a small attack does trigger a legacy DDoS scrubbing solution, the attack is usually over in less than the time it takes for that scrubbing to activate (usually 10-30 minutes). Whatever the motive, an undefended DDoS attack of any size during this prime shopping season is going to hit the bottom line hard for every minute of lost trading.

The only way to guard against these increasingly common and sophisticated attacks is to maintain comprehensive, granular visibility and automated mitigation capabilities across a network, so that even small DDoS attacks can be instantly detected and blocked as they occur and before they cause damage. Corero’s SmartWall Threat Defense System automatically discerns between normal good traffic and bad DDoS traffic, giving IT security teams more time to tackle the plethora of other challenges they have. Online retailers can prevent DDoS attacks of all sizes from impacting their networks, either directly, or via their Internet Service Provider (assuming it offers DDoS protection as a service). Many ISPs do now offer the latest generation of real-time protection to their customers, so it’s worth inquiring.


Sean Newman is VP Product Management for Corero Network Security. Sean has worked in the security and networking industry for twenty years, with previous roles including network security Global Product Manager for Cisco, which he joined as part of its acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.