Online shoppers aren't the only ones that may overwhelm e-commerce Websites and crash them this holiday season. Cyber-attackers may be waiting in the wings with a DDoS attack.
holiday season ramping up, it's not just online shoppers that have to be
vigilant for cyber-threats. Enterprises and retailers have to be alert for
scammers, cyber-criminals and hackers.
distributed-denial-of-service attacks made headlines in 2011, and security
vendors warned retailers could face similar attacks during the holiday shopping
season. Online sales last year exceeded $36 billion during the holiday shopping
season, according to numbers released by MasterCard. Retailers anticipate this
year's online sales to exceed last year's figures, with industry estimates of
$1.2 billion in sales on Cyber Monday alone.
"denial-of-service outages are the name of the game for online retail
organizations during the heavy holiday shopping season," Adam Powers, CTO
of Lancope, told eWEEK.
Some can be
inadvertent, driven by high demand from shoppers. Powers described Target's
launch of the Missoni clothing line earlier this year as a "poster child
for a legitimate oversubscription DoS," noting that high demand for
Missoni merchandise "brought" Target "to its knees."
should check their infrastructure to make sure they can handle increased
network traffic and capacity, according to Check Point Software Technologies.
They can implement flexible hosting sites or cloud sites to add capacity and
prevent the site from crashing. The existing security gateway will also need to
be able to handle the increased traffic volume and keep scanning and protecting
the network, Check Point said.
Others can be
malicious, especially to an online retailer with a strong brand, according to
Powers. Cyber-criminals can take advantage of events such as Black Friday to
launch an attack, and hacktivists may also take advantage of intense media
attention to make a point, he said.
exceptionally vulnerable to distributed-denial-of-service attacks, as
unscrupulous players could also decide to sabotage competitor Websites to steal
customers, according to Corero Network Security. If the site is not available,
frustrated customers are more likely to just move to a competitor's site.
bottom line is that retailers and other blue-chip corporations need to improve
their defensive posture against DDoS attacks, as criminals and hacktivists have
significantly increased the frequency and sophistication of DDoS attacks they
employ," said Mike Paquette, chief strategy officer of Corero Network
use network flooding techniques and application-layer attacks such as
ApacheKiller to bring targeted Websites to a crawl or crash, rendering them
inaccessible to customers.
increased by 30 percent in 2010, and the number is expected to be higher in
2011, according to Gartner estimates. The attacks have also been escalating in
size and complexity in 2011, according to Paul Sop, chief technology officer at
Prolexic. Attackers generally are throwing more packets, using more bandwidth
and targeting the application layer, Sop said.
aren't the only ones that have to worry about DDoS attacks during this holiday
season, as hospitality, gaming and shipping services should also be on high
alert for DDoS attacks, Sop said. A significant percentage of yearly revenues
are made in the fourth quarter from holiday shoppers and a serious DDoS attack
can be financially devastating, according to Prolexic.
don't have to just worry about making sure their sites are up and capable of
handling the "influx of shoppers," but that the payment data being
collected remain secure, Mandeep Khera, CMO of LogLogic, told eWEEK.
Merchants who collect credit card
information have to ensure that their databases are secure so that attackers
who try to break in don't waltz off with payment information. Ensuring they are
following all 12 PCI requirements would help retailers protect customer credit
card data, according to Khera.