Corero Advises Retailers of Risks Associated with DDoS Attacks During Holiday Shopping Season

As the Holiday Shopping Season Heats up so will the Number of Distributed Denial of Service Attacks Against Retailers

Hudson, MA., November 22, 2011 – Corero Network Security (CNS: LN), the leader in on-premises Distributed Denial of Service (DDoS) defense for enterprises, data centers and hosting providers, today advised retailers across North America to adopt strong defensive measures now to protect their websites against DDoS attacks that could cripple online business during the holiday season, which retailers depend upon for up to 40 percent of their annual revenue.

As the holiday shopping season heats up, retailers anticipate online sales to exceed last year's totals, which were in excess of $36 billion, according to a MasterCard report, with consumers spending about $1 billion online on Cyber Monday alone in 2010 (source: comScore). But e-commerce is a very attractive target for DDoS attacks, typically perpetrated by cyber-criminals who extort money under threat of attack, and unscrupulous competitors who sabotage other companies' websites to undermine customer confidence and drive increased traffic to their own.

"Many high-profile and damaging DDoS attacks have made headlines in 2011, and in some instances the results have crippled the websites of Fortune 500 companies," said Mike Paquette, chief strategy officer, Corero Network Security. "The bottom line is that retailers and other blue chip corporations need to improve their defensive posture against DDoS attacks, as criminals and hactivists have significantly increased the frequency and sophistication of DDoS attacks they employ."

DDoS attacks are on the rise as a major security problem, increasing by 30 percent in 2010 and expected to rise again this year, according to technology analyst firm Gartner. DDoS attacks bring victim websites to a crawl or halt, using network flooding techniques that have been in use for more than a decade, and more recently, insidious application-layer attacks which are very difficult to detect. Online commerce depends on sites that are responsive and always available. Frustrated customers will quickly abandon an unresponsive site and go to another.

Corero strongly recommends a 5-step DDoS defense program to mitigate risk:

  1. Create a DDoS Response Plan
    As with all incident response plans, advance preparation is a key requirement for rapid and effective action, avoiding an "all-hands-on-deck" scramble in the face of a DDoS attack. A DDoS response plan lists and describes the steps an organization should take if its IT infrastructure is subjected to a DDoS attack. Increasingly, DDoS attacks against high-profile targets are intelligent, determined and persistent.
  2. Protect Your DNS Servers
    The Internet Domain Name System (DNS) is a distributed naming system that enables us to access the Internet by using recognizable and easy to remember names, such, rather than numeric IP addresses (e.g. on which network infrastructure relies to route messages from one computer to another. Since DNS is distributed, many organizations use and maintain their own DNS servers to make their systems visible on the Internet. These servers are often targeted by DDoS attacks; if the attacker can disrupt DNS operations, all of the victims' services may disappear from the Internet, causing the desired Denial of Service effect.
  3. Maintain Continuous Vigilance
    DDoS attacks are becoming increasingly smart and stealthy in their methods. Waiting for an application to become unresponsive before taking action is already too late. For optimal defense, a DDoS early warning system should be part of a company's solution. Continuous and automated monitoring is required in order to recognize an attack, sound the alarm and initiate the response plan.
  4. Know Your Real Customers
    A brute-force or flooding type of DDoS attack is relatively easy to identify, though it requires high performance and sophisticated real-time analysis to recognize and block attack traffic while simultaneously allowing legitimate traffic to pass.
    Detection of the more insidious application-layer attacks requires a thorough understanding of the typical behaviors and actions of bona fide customers, employees, or other website visitors accessing the applications being protected. In much the same way that credit card fraud detection may be automated, on-premises DDoS defense systems establish legitimate usage profiles in order to identify suspicious traffic and respond accordingly.
  5. Deploy On-Premises DDoS Defenses
    On-premises DDoS defense solutions installed immediately in front of application and database servers are required to provide a granular response to flooding type attacks, as well as to detect and block the increasingly frequent application-layer DDoS attacks. For optimal defense, on-premises DDoS protection solutions should be deployed in concert with automated monitoring services to rapidly identify and react to evasive, sustained attacks.