Member of vDos booter ‘taken advantage of’ by vDos crew

Brit teen Jack Chappell has avoided being sent to prison after pleading guilty to helping launch DDoS attacks against NatWest, Amazon and Netflix, among others.…
Black Friday will be a big day for retailers — and hopefully for all the right reasons.

Some of the biggest shopping days of the year are upon us. But while retailers are focused on ensuring that they cope with huge peaks in online and in-store sales, are they as prepared as they need to be to defend against major distributed denial of service (DDoS) attacks?

Avoiding a cyber-crime catastrophe

Black Friday is here (along with the increasingly popular Cyber Monday). As ever, crowds of shoppers will flock to retailers’ stores and websites in search of rock-bottom prices. And this will mean a huge increase in sales for both physical and online stores. Black Friday may be a sales bonanza but it’s also a period of high vulnerability that criminals could exploit to maximise the threat to a retailer’s business. With Christmas sales accounting for a sizeable chunk of most retailers’ annual revenues, from a criminal’s perspective, there could hardly be a better time to launch a cyber attack. What’s more, with systems already creaking under the load of peak volumes, it might not take much of a straw to break the camel’s back. The last thing a retailer wants is for their business to spectacularly and very visibly come to a sudden halt because they can’t defend against and mitigate a major distributed denial of service (DDoS) attack.

Retailers face a growing threat

Talk of cyber attacks is more than mere scaremongering – the threat is very real. For example, in September, the release of the Mirai code — a piece of malware that infects IoT devices, enabling them to be used for DDoS attacks — opened a Pandora’s box of opportunities for ruthless cyber entrepreneurs who want to disrupt their target markets and exploit the vulnerabilities and weaknesses of companies who honestly serve their customers. This code gives criminals the ability to orchestrate legions of unsecured Internet of Things (IoT) devices to act as unwitting participants in targeted DDoS attacks. These objects could be anything from domestic hubs and routers, to printers and digital video recorders — as long as they’re connected to the internet. The latest large DDoS attacks have used botnets just like this — proving that the bad guys are multiplying and, perhaps, gearing up for bigger things.

Prevention is better than the cure

There are no easy answers to the question of how to secure IoT smart devices — especially at the ‘budget conscious’ end of the market. That’s why we expect that these DDoS attacks will continue to proliferate, meaning that targeted DDoS attacks of increasing scale and frequency will almost certainly occur as a result. So how can retailers defend themselves against the threat of an attack on Black Friday? Organisations have to use a combination of measures to safeguard against even the most determined DDoS attack. These include:

- Limiting the impact of an attack by absorbing DDoS traffic targeted at the application layer, deflecting all DDoS traffic targeted at the network layer and authenticating valid traffic at the network edge.
- Choosing an ISP that connects directly to large carriers and other networks, as well as internet exchanges — allowing traffic to pass efficiently.
- Employing the services of a network-based DDoS provider — with a demonstrable track record of mitigating DDoS attacks and sinking significant data floods. This will safeguard specific IP address ranges that organisations want to protect.

Black Friday will be a big day for retailers — and hopefully for all the right reasons. But in an increasingly digital world, consideration needs to be given to the IT infrastructure that underpins today’s retail business and the security strategy that protects it.

Source: http://www.itproportal.com/features/three-ways-to-prevent-a-ddos-disaster-this-black-friday/
Don’t miss out on Black Friday sales: why retailers must prepare for DDoS threat to online shopping.

The recent spate of Distributed Denial of Service (DDoS) attacks should be a call to action for online retailers to prepare their defences in the run-up to Black Friday. DDoS attacks flood a target website with redundant traffic and take it offline. This is bad news for any company with an online presence; it can damage the company’s image in the eyes of potential customers if they attempt to access support services, for example, and find that the site is not operational. But with retail, the threat is an existential one and in the case of Black Friday could make the difference between success and bankruptcy.

An example of an existential DDoS was seen earlier this month when the website of bookmaker William Hill was attacked and taken offline for around 24 hours. The threat is not new to the betting industry; in 2004, the online betting industry was hit with DDoS attacks during the Cheltenham horse races. The technical team for the website worked tirelessly to restore service, but estimates of the company’s losses are in the millions of pounds. These seem significant, but one can only imagine the losses on a peak day (not to denigrate the importance of the KAA Gent vs Shakhtar Donetsk fixture that took place during the attack). Imagine if attackers had hit the betting site during a major tournament such as the World Cup or the Olympics.

Black Friday is perhaps the retail equivalent of the World Cup. In 2015, consumers in the UK spent £3.3 billion during the Black Friday and Cyber Monday weekend. According to Rubikloud, a machine intelligence platform for enterprise retailers which analysed Black Friday sales in 2015, retailers acquire 40 percent more customers on Black Friday than the average shopping day. In this context, a DDoS could be lethal to a vendor. As Martin McKeay, Akamai’s Senior Security Advocate, says, “if retailers have a DDoS hit it could mean the difference between making or failing to make their figures for the year.”

The Akamai Q3 2016 State of the Internet/Security report found that DDoS capacities are increasing. In the quarter Akamai found a 58 percent year-on-year increase in attacks of over 100 Gbps. Even without a DDoS, the increase in traffic to a site will be huge, and with it comes a real chance of the website crashing. Analysis by cloud and CDN provider Tibus suggests that websites including those of Boots, Boohoo, John Lewis and Argos suffered service outages during last year’s Black Friday.

So what is to be done if retailers are to protect the November cash cow? The first step is to evaluate what a DDoS would do to an organisation, says McKeay. “Understand your exposure and what it will cost you. If you are a merchant you can’t take the chance of being knocked offline.”

Visibility is the key foundation for DDoS mitigation. Having a view of the actual volume of traffic hitting your site allows decisions to be made on policy. In terms of the architecture of a DDoS prevention solution, there are three lines of defence: the basic mitigation in network equipment, dedicated customer premises equipment (CPE) devices and finally, cloud integration.

A DDoS mitigation provider will be all too happy to talk a customer through the technological aspects of DDoS mitigation, but there are also important management decisions to be made. Crucially, think about the outcome you want. “Is it better for most of the people to have some service or all of them to have none? It’s about keeping the service available, because their goal is to not have it available,” Steve Mulhearn, Fortinet’s Director of Enhanced Technologies UKI & DACH, told CBR in a recent interview.

Nowhere is that more true than in retail, where a vast array of factors come into play when a customer is making a transaction. Research, including a study by Baymard in July 2016, continues to show low conversion rates for online shopping: sometimes languishing around the 25 percent mark. Retailers will need to use their own data and experience of their own site to learn how to allocate resources. For example, focus on keeping online the parts of the site enabling the actual transaction rather than auxiliary services.

Black Friday should be an opportunity for retailers, not a threat – which is why a DDoS prevention strategy should be on every online vendor’s shopping list.

Source: http://www.cbronline.com/news/cybersecurity/breaches/ddos-wipe-black-friday-online-sales/