The number of DDoS attacks targeting e-commerce in Europe has increased four-fold over the last eight months.
According to research by StormWall, between February and October 2020, the number of DDoS attacks targeted at online retail services quadrupled compared to the same period last year.
It claimed the growth in the number of attacks is primarily attributed to increased competition between online retailers during the global COVID-19 health crisis, and to attackers extorting money from businesses. “Cyber-criminals use website downtime as leverage, promising to stop the attack and restore the service operation, once the victim company pays the ransom,” the company said.
Zach Varnell, senior AppSec consultant at nVisium, said: “DDoS attacks often go hand-in-hand with ransom notes demanding money to stop the attack. If these ransom notes get paid even at a small fraction of their frequency, DDoS operators will be incentivized to continue such schemes. This sometimes includes making good on their promise to attack those who do not pay up.
“Financial services were originally hit hard by these DDoS ransom threats and for obvious reasons as rich targets for cybercrime. Since there are far more online retailers than financial institutions today, and multiplying in their online presence owing to COVID-19, it is highly likely that targeting this industry is now becoming a lucrative source of ransom threats through DDoS attacks.”
He also pointed out that there are more customers shopping online now and therefore plenty of sensitive customer data to breach and exfiltrate, threatening online retailers who have previously not been security savvy.
Asked if he believed attackers are going after online retailers for financial gain, Brandon Hoffman, CISO at Netenrich, said: “They are 100% following the money. There has been a huge surge of online spending due to COVID-19 and a huge surge in furniture and home remodelling purchases. Many speculate that due to COVID-19, people are not able to take vacations so instead they are spending that budget improving their homes where they are essentially stuck more than normal. Coupled with the closing of physical stores worldwide, this explains the attack focus.”
StormWall also found the number of attacks on online electronics stores had increased five-fold and the number of attacks on online furniture stores eight-fold, while attacks aimed at online renovation stores grew seven-fold.
“E-commerce has always been an attractive field to cyber-criminals, and during the pandemic, hackers’ interest in the sector developed even more,” said Ramil Khantimirov, CEO and co-founder of StormWall.
“Criminals are actively advancing the methods of DDoS attacks, and retailers are finding it increasingly difficult to defend against them. This is a serious threat. The new trend is that the attackers are attempting to find vulnerabilities that require a small number of requests per second to make a website unavailable. An effective defense system that can shield against this type of campaign needs to have intelligent DDoS protection, like proactive analysis and self-learning.”
Furthermore, the number of DDoS attacks over the HTTP protocol has risen by 296% between February and September 2020, compared to the same period last year.