From there, they see how they can compromise credentials to give them access specifically to Command and Control infrastructure, likely through Privilege escalation.They use an exploit to get access and infect a particular machine perhaps even through the social engineering of phishing.An attacker has likely built some malware that they can use to begin attacks.Botnets are generally a number of internet connected computers that are communicating with other machines and they coordinate their actions through Command and Control infrastructure. The mechanisms often used to deploy DDoS attacks are through botnets. This is especially impactful for online shopping specifically at times when retailers are expecting high volume traffic to their websites. There are many different brands and varieties of DDoS attacks, but what they ultimately all have in common is that the objective is to overwhelm the infrastructure serving up an IP address with so many fake requests that it paralyzes the infrastructure preventing legitimate requests from coming in. For every second, minute, or hour you are down, that’s lost revenue for your company. Imagine what a DDoS attack could do if you have an outage for any extended period of time. So, let’s say you are a retailer that has had a sluggish year and you’re counting on this holiday season to really turn things around for your company, specifically by driving sales on Cyber Monday. This clearly shows that while brick and mortar shopping isn’t going away, online shopping is now becoming the norm during the holiday season. It’s actually not just Cyber Monday as many people shop online over the four day period from Black Friday to Cyber Monday, so any downtime for your system gets magnified during those peak 4 days.Īdditionally, data from ShopperTrak shows that in store shopping dropped 10% year-over-year from 2014 to 2015 despite a 17% increase in online shopping on Cyber Monday. To put this in perspective, that is about $2.1 Million worth of e-commerce transactions per minute in a 24 hour period. In 2015, Cyber Monday generated $3.07 Billion, which was an increase of 16% year-over-year, and sales from a Mobile Device or Tablet achieved $799 Million which was also a new record. The impact of a DDoS attack on an Internet Retailer on Cyber Monday is huge from an economic perspective. Given the recent trend of security breaches and attacks, it just feels like this particular holiday season we are poised for some kind of DDoS attack that’s greater in scale than anything we’ve ever seen that could wreak havoc on the retail industry. However, the massive scale of the attack at Dyn has certainly raised the awareness of DDoS attacks in general and the impact these have on our day-to-day lives. In the security industry, we have grown accustomed to botnet style DDoS attacks happening all around us. While we love all the comforts that Cyber Monday provides us as shoppers this holiday season, let’s not forget that it also starts off the season for DDoS attacks. What can we expect this Cyber Monday?Ĭyber Monday gives us the ability to shop great holiday discounts from anywhere in the world, and it allows us to avoid the long lines and inventory related fights that we have grown accustomed to seeing between shoppers each Black Friday over the last few years.
Internet shopping during the holiday season has become such a major driver of retail sales that in addition to Black Friday, we now have Cyber Monday (on Monday, November 28 this year) which now gives consumers the additional choice to take advantage of fantastic discounts from the luxury of their couch by computer or mobile device. It’s especially the case when we consider purchases we make and how our shopping habits have evolved with online shopping. It’s fair to say that the Internet is here to stay. In today’s blog we will talk about what to expect this Cyber-Monday. In part one of this series, we discussed how PCI-DSS regulations were only a starting point for truly securing your organization against cyber-security risk.
It’s also the time where retailers are most vulnerable to security risks as bad actors gear up to target retailers. It’s that time of year where retail booms as the world goes shopping for gifts during the holiday season.