SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Black Friday and Cyber Monday set to represent historic security challenges for retailers
Fri, 26th Nov 2021

Threat researchers at NETSCOUT have found cybercriminals continue to take advantage of increased online interactions and transactions, launching a staggering 5.4 million DDoS attacks from January to June 2021.

This year's Black Friday and Cyber Monday are set to represent historic security challenges for retailers, as well as cybersecurity professionals operating in the retail sector.

According to NETSCOUT's 2021 H1 Threat Intelligence Report, if this level of activity were to continue, the world would be on track to hit close to 11 million DDoS (Distributed Denial-of-Service) attacks in 2021 - a record for a calendar year. Focusing specifically on the retail sector, the threat analytics company observed over 41,000 DDoS attacks against electronic shopping and mail-order houses in the first half of 2021, putting the sector in the top five vertical industry targets.

"From supply chain to security, the retail sector faces a number of challenges as we approach the festive season," says NETSCOUT AVP of Engineering, Threat and Mitigation Products, Hardik Modi.

"From a cybersecurity perspective, we're seeing an increasing number of retail firms reporting DDoS extortion attacks. This is when cybercriminals threaten organisations with a DDoS attack unless they pay an extortion demand," he says.

"These days, DDoS attacks are a matter of when, not if - and a successful attempt can lead to costly downtime and lasting reputational damage. To protect themselves, online retailers should invest in a robust DDoS mitigation system, which would effectively eliminate the need to worry about public-facing services should they experience an attack."

He says there are sophisticated tools available to defend the infrastructure in a worst-case scenario, and they can give retailers confidence that the fallout will be minimal.

"However, this cannot be a 'set and forget' or checkbox exercise," he adds. "It's essential to test any DDoS defence system on a semiregular basis to ensure that any adjustments made to the online infrastructure are reflected in the overall DDoS mitigation strategy.

"There must also be a fool-proof plan of action and a full understanding of who to alert - from local regulatory bodies to key stakeholders and security suppliers - should a DDoS attack take aim. This is particularly true in the event of a DDoS extortion demand."

Some key areas that the report explores include:

Adaptive DDoS Attacks 
Adversaries developed new adaptive DDoS attack strategies that evade traditional mitigation techniques. Threat actors custom-tailor each attack to bypass multiple layers of DDoS mitigation and protection, both cloud-based and on-premises.

7 Attack Vectors in 7 Months
Threat actors exploited or weaponised at least seven newer reflection or amplification DDoS attack vectors within the past seven months, igniting an explosion of new UDP-based attack modes.

Connectivity Supply Chain Under Attack
Threat actors are upping attacks on vital components that make the internet tick, such as DNS servers, VPN concentrators and services, and internet exchanges.

Triple Extortion: A Ransomware Trifecta
Ransomware gangs added triple-extortion attacks to their criminal service offerings. By combining data encryption, data theft, and DDoS attacks, threat actors hit a ransomware trifecta designed to increase the possibility of payment.

ISPs Face DDoS Extortion Attacks
Threat actors launched the self-dubbed Fancy Lazarus DDoS extortion campaign that primarily targets authoritative DNS servers for ISPs. Meanwhile, the more broadly based Lazarus Bear Armada (LBA) DDoS extortion campaign continues to target victims across a range of industries.

Botnet Exposé
The NETSCOUT analysis pulls back the curtain to detail how black hats leverage fast-growing botnets to launch DDoS attacks.