Chinese New Year is always a shopping boom time in town. People are generous in spending on food, decorations, and fashion during the important cultural festival. While retailers are focused on ensuring that they successfully take advantage of spikes in online and in-store sales, are they as prepared as they need to be to defend against major distributed denial of service (DDoS) attacks?
Avoiding a cyber-crime catastrophe
Thanksgiving officially kicks off the biggest shopping period of the year globally.
The period through to Chinese New Year may be a sales bonanza, but it’s also a period of high vulnerability that criminals exploit to maximize the threat to a retailer’s business.
Along with gaming and finance companies, retailers are popular targets because they store sensitive data that thieves can use for financial gain. Additionally, DDOS attacks are often used to distract organizations so that even more costly web application attacks can take place at the same time. But the truth is no industry is immune and the threat is increasing in its relentlessness.
With Chinese New Year sales accounting for a sizeable chunk of most retailers’ revenues, from a criminal’s perspective, there could hardly be a better time to launch a cyber attack. What’s more, with systems already creaking under a load of peak volumes, it might not take much of a straw to break the camel’s back.
The last thing a retailer wants is for their business to spectacularly and very visibly come to a sudden halt because they can’t defend against and mitigate a major distributed denial of service (DDoS) attack.
Retailers face a growing threat
Talk of cyber attacks are more than mere scaremongering – the threat is very real. For example, in September, the release of the Mirai code — a piece of malware that infects IoT devices enabling them to be used for DDoS attacks — opened a Pandora’s box of opportunities for ruthless cyber entrepreneurs who want to disrupt their target markets and exploit the vulnerabilities and weaknesses of companies who honestly serve their customers.
This code gives criminals the ability to orchestrate legions of unsecured Internet of Things (IoT) devices to act as unwitting participants in targeted DDoS attacks. These objects could be anything from domestic hubs and routers to printers and digital video recorders — as long as they’re connected to the internet.
The latest large DDoS attacks have used botnets just like this — proving that the bad guys are multiplying and, most likely, gearing up for bigger things.
Asia is not immune and Hong Kong is a prime target
According to a recent report by Nexusguard, DDoS attacks increased 43 percent in Q2 to 34,000 attacks in the Asia-Pacific region and 83 percent worldwide. The largest increase was seen in Hong Kong, where attacks rose an astonishing 57 percent.
China, which saw a 50% increase in attacks, is the number one target in the region. According to the report, over the course of a month, a Chinese website was attacked 41 times.
The fact is, that every company needs to pay this issue serious attention and put effective plans in place.
Prevention is the better than the cure
There are no easy answers to the question of how to secure IoT smart devices — especially at the ‘budget conscious’ end of the market. That’s why we expect that these DDoS attacks will continue to proliferate, meaning that targeted DDoS attacks of increasing scale and frequency will almost certainly occur as a result.
So how can retailers defend themselves against the threat of an attack?
Organizations have to use a combination of measures to safeguard against even the most determined DDoS attack. This include:
1. Limiting the impact of an attack by absorbing DDoS traffic targeted at the application layer, deflecting all DDoS traffic targeted at the network layer and authenticating valid traffic at the network edge
2. Choosing an ISP that connects directly to large carriers and other networks, as well as internet exchanges — allowing traffic to pass efficiently
3. Employing the services of a network-based DDoS provider — with a demonstrable track record of mitigating DDoS attacks and sinking significant data floods. This will safeguard specific IP address ranges that organizations want to protect.
Chinese New Year is a critical period for retailers — and hopefully for all the right reasons. But in an increasingly digital world, consideration needs to be given to the IT infrastructure that underpins today’s retail business and the security strategy that protects it.