By Martin Brown, Chief Security Futures Architect, BT Global Services
For retailers, e-commerce has not only become a convenient way for customers to research items, browse new inventory and ultimately purchase goods, but it has also turned into a large revenue generator. According to Forrester, e-commerce sales are expected to rise from $231 billion to $262 billion in the U.S. this year, a 13 percent increase. This robust growth has been attributed to more consumers using their smartphones and tablets to complete transactions.
Eventually, revenue from e-commerce is expected to surpass that of brick-and-mortar locations, so it is crucial that retailers are investing in online platforms early, as well as ensuring that their IT systems can combat any issues they might encounter.
Figuring out which issues to take seriously can be an issue in the ever-changing landscape of digital technology. The Target credit card breach or eBay website hack can make retailers want to quiver in fear, but the threats and seriousness of these issues are not something to be discounted. An issue with a mobile application or website could paralyze a business and can quickly cost a retailer thousands or even millions of dollars. One of the known threats to retailers that could ultimately cause a significant disruption to e-commerce retailers is a DoS or DDoS attack.
What is a Dos / DDoS attack?
At a fundamental level a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users.
Although the means to carry out, motives for, and targets of a DDos or DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend connectivity to the Internet.
Perpetrators of these attacks typically target sites or services hosted on high-profile web servers, such as banks, retail or card payment gateways. The term is generally used in reference to computer networks but is not limited to this field.
While firewalls and IPS/IDS (intrusion prevention and detection) services can offer a certain amount of protection if configured appropriately, once the internet pipe between the ISP (Internet Service Provider) and customer is overloaded the net effect is that the DoS/DDoS is successful as not only is the target of the attack affected but any other services routed down the same link are also impacted.
How big is the problem?
DDoS has become the weapon of choice for many cyber attackers but also serves as a useful distraction to divert scarce security engineering resources from other backdoor attacks undertaken concurrently with the DDoS.
The largest recorded attack in 2014 so far, as reported by Arbor Networks, was 325 Gigabits/second (Gbps) directed at a user in France.
In February 2014 BT, working together with Arbor, its technology partner, successfully mitigated an attack of 54 Gbps against a large UK retail organization. This attack, had it been successful, could have affected daily online business of around $8 million and seriously impacted brand reputation. Fortunately this customer already was a subscriber to the BT DDoS mitigation service and normal service was restored within 10 minutes of the attack starting.
BPS = bits per second, PPS = packets per second
Source: Arbor Networks
As can be seen from the table above the scale of DDoS attacks is continuing to grow and that trend is predicted to continue over the next five years.
When the target of a DDoS attack is a revenue-generating website, the result is twofold. First, the company may need to manage brand damage and customer dissatisfaction, which have a less defined cost associated with them. Second is a more recognizable loss of revenue driven either by online customer activity being significantly reduced or lost due to being unable to interact with the website for orders or changes.
How can technology help?
There are several companies in the marketplace working to help retailers and other businesses combat DDoS/DoS attacks. For example, some services provide an automated system which, when specific triggers are met, prevents downstream links to customer sites being saturated with traffic therefore not only the target has been protected but the other services using the connection are also protected.
Services that provide mitigation at the core of the network can combat high volume attacks more efficiently and effectively. Perimeter mitigations effectively protect the infrastructure from malicious traffic targeted at networks or hosts, which can result in significant volumes of malicious traffic being discarded before it can be of any harm.
Some service providers that own their own network typically are able to surgically reroute traffic right down to the individual IP address and pass it through a DDoS mitigation or scrubbing center before dropping the cleansed traffic into the target’s local network. This means that the right traffic can get through to the customer’s network such as order placements, while the malicious traffic is discarded.
How can retailers mitigate risk?
The threat of DoS and DDoS attacks is real and not slowing down anytime soon. The potential to be affected by these types of attacks is a very present and harsh reality for businesses everywhere. The key to mitigating this risk is preparation – knowing who your allies are in your time of need. This is especially true for retailers. Attacks happen quickly and the results can be catastrophic.
With the continued growth and importance of e-commerce, retailers need to be taking appropriate precautions to ensure that their customers, bottom lines and reputations do not suffer in the event of an attack.
Martin Brown is the chief security futures architect for BT Global Services. Using his 20 years of security industry experience, he is responsible for the strategic determination, definition and down-streaming of new and innovative security products and services for BT, as well as managing relationships with BT security partners.