
What are DDoS Attacks And How Can You Protect Your eCommerce Store?
The e-commerce industry has seen a steady increase in the number of cyberattacks in recent years. And one specific type is dominating the headlines: the distributed denial-of-service (DDoS) attack.
These attacks were historically perceived as minor nuisances perpetrated by novice attackers for fun, and it was easy to mitigate them. Unfortunately, that’s no longer the case. DDoS attacks are now a sophisticated activity that requires careful planning and preparation to combat.
Here, we outline how you can do exactly that.
What are DDoS attacks and why do they occur?
A DDoS attack is a cybercrime involving malicious attempts to slow a server, service, or network to a standstill. It does this by flooding either the target or its surrounding infrastructure with internet traffic.
Imagine an unexpected traffic jam that clogs the motorway, preventing regular traffic from reaching its destination. DDoS attacks are similar – in this case, preventing your web visitors from exploring your site or following through with a sale.
Hackers have several motivations for performing these attacks. Typically, they’re financial – either the attacker steals customers or makes the victim pay a ransom. But they can also simply be expressing their disapproval by exploiting a company's cyber weakness. Whatever the rationale, these attacks have serious ramifications for the businesses they affect, including revenue loss, a critical decline in traffic, and a tarnished reputation.
How does a DDoS attack work?
These attacks are so effective because they use multiple compromised computer systems as the sources of attack traffic – anything from computers and headsets to more complex networked resources. An attacker infects these devices with malware, which allows the attacker to control them remotely.
These individual devices are referred to as bots, and a group of bots is known as a botnet.
Once the botnet is established, the attacker can send instructions to each bot. For example, when the victim's server is attacked by the botnet, each bot sends requests to the target IP address. This overwhelms the server and results in a denial-of-service to normal traffic (which is where the type of attack gets its name).
In 2021, 57% of all attacks on e-commerce websites were carried out by bots – compared to 33% for all other industries.
How to identify a DDoS attack?
Each bot is a real internet device, which makes separating the attack traffic from legitimate traffic a challenge. The most obvious sign that you’re under attack is if your site suddenly becomes slow or, worse, unavailable. However, a real spike in traffic can have a similar impact for other reasons (perhaps you’re running a sale or marketing campaign), so a detailed investigation is usually necessary.
Traffic analytics tools can help you spot some of the signs of a DDoS attack, including:
- Large amounts of traffic originating from a single IP address or IP range
- A flood of traffic from users who are similar in terms of device type, geo-location, or web browser version
- An unexplained surge in requests to a single page or endpoint
- Unnatural traffic patterns, such as a spike in numbers every 10 minutes
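The four signs above can be checked mechanically against request logs. The following is an added example, not code from the original article: the record layout, the threshold values and the sample traffic are all constructed assumptions, and the user agent stands in for the "similar users" profile.

```python
from collections import Counter
from statistics import median

def top_share(values):
    """Return the most common value and its fraction of all values."""
    value, count = Counter(values).most_common(1)[0]
    return value, count / len(values)

def spike_minutes(records, factor=5):
    """Minutes whose request count exceeds factor x the median minute."""
    per_minute = Counter(ts // 60 for ts, *_ in records)
    baseline = median(per_minute.values())
    return sorted(m for m, n in per_minute.items() if n > factor * baseline)

def ddos_signs(records, share_limit=0.5):
    """Check the four signs listed above. Thresholds are assumed values."""
    findings = {}
    fields = (("single_ip", 1), ("similar_clients", 2), ("single_endpoint", 3))
    for name, idx in fields:
        value, share = top_share([r[idx] for r in records])
        if share > share_limit:
            findings[name] = (value, round(share, 2))
    spikes = spike_minutes(records)
    gaps = {b - a for a, b in zip(spikes, spikes[1:])}
    if len(spikes) >= 3 and len(gaps) == 1:  # evenly spaced spikes
        findings["spike_every_n_minutes"] = gaps.pop()
    return findings

def constructed_sample(bursts=True):
    """Constructed records (epoch_s, ip, user_agent, path) covering one hour."""
    records = []
    for minute in range(60):
        for i in range(6):  # background: varied clients and pages
            ip = f"198.51.100.{(minute * 6 + i) % 200}"
            records.append((minute * 60 + i * 10, ip, f"Browser/{i}", f"/product/{i}"))
        if bursts and minute % 10 == 0:  # burst: one source, profile, endpoint
            for i in range(120):
                records.append((minute * 60 + i % 60, "203.0.113.7", "Bot/1.0", "/checkout"))
    return records

if __name__ == "__main__":
    for sign, detail in ddos_signs(constructed_sample()).items():
        print(sign, detail)
```

A finding from this check is a prompt for the detailed investigation described above, not proof of an attack on its own.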
How to mitigate a DDoS attack?
Truth be told, this isn’t easy! DDoS attacks appear in several forms and can vary from un-spoofed single-source attacks to adaptive multi-vector attacks. The more complex the attack, the more likely it is that the malicious traffic will be difficult to separate from normal traffic – the attacker's goal is to blend in, after all, and make your mitigation efforts as inefficient as possible.
Overcoming a complex attempt at disruption requires a layered solution, delivered by experts, to achieve the greatest benefits.
Some common approaches include:
Anycast network diffusion
This diffusion method uses an Anycast network to scatter the attack traffic across several cloud providers to the point where the traffic is absorbed by the network. This spreads the impact of the distributed attack traffic, reducing its disruptive capability and making it more manageable. However, the success of this technique depends on the size of the attack and the efficiency of the networks.
Web application firewall
A web application firewall (WAF) can be inserted between the internet and an origin server to act as a ‘reverse proxy’, intercepting and filtering requests based on a series of rules to identify those that have been made by a bot. The benefit of implementing a custom WAF is the ability to quickly implement your own rules in response to an attack.
Blackhole routing
Blackhole routing involves the creation of a network route that leads nowhere. Without specific restriction criteria, both the legitimate and the malicious network traffic is funnelled to this ‘black hole’, and ultimately dropped from the network. Though a common method of mitigation, it’s far from ideal as it gives the attacker what they want: an inaccessible network.
Rate limiting
Limiting the number of requests a server will accept over a certain period is another way of mitigating DDoS attacks. This tactic is particularly useful in preventing brute-force login attempts and slowing web scrapers as they steal content. Yet it alone will likely be insufficient when faced with a more complex attack.
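To make the limits of this tactic concrete, the following added example (not code from the original article) implements a sliding-window limiter and runs it over constructed traffic. The limits, the 60-second window, the `/login` path and the addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each key."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)  # key -> timestamps inside the window

    def allow(self, key, now):
        recent = self.hits[key]
        while recent and recent[0] <= now - self.window:
            recent.popleft()  # forget requests that have left the window
        if len(recent) >= self.limit:
            return False
        recent.append(now)
        return True

def served(requests, per_ip_limit=10, per_path_limit=None, window=60):
    """Count requests accepted by a per-IP limit and an optional per-path limit."""
    per_ip = SlidingWindowLimiter(per_ip_limit, window)
    per_path = SlidingWindowLimiter(per_path_limit, window) if per_path_limit else None
    accepted = 0
    for now, ip, path in requests:
        if not per_ip.allow(ip, now):
            continue
        if per_path and not per_path.allow(path, now):
            continue
        accepted += 1
    return accepted

# Constructed traffic: 500 requests to /login within 50 seconds.
SINGLE_SOURCE = [(i * 0.1, "203.0.113.7", "/login") for i in range(500)]
MANY_SOURCES = [(i * 0.1, f"198.51.100.{i % 250}", "/login") for i in range(500)]

if __name__ == "__main__":
    print(served(SINGLE_SOURCE))                     # per-IP limit holds
    print(served(MANY_SOURCES))                      # per-IP limit alone does not
    print(served(MANY_SOURCES, per_path_limit=100))  # shared limit caps the total
```

The shared per-path limit also turns away legitimate visitors once it is reached, which is why rate limiting works best as one layer among the approaches listed here.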
Partner with an e-commerce infrastructure specialist
Though these methods can be effective in certain situations, if they’re not used strategically, you may still experience intense losses in traffic and resulting revenue. More importantly, you can lose your customer's trust in your brand – something that takes years to build, but only seconds to destroy.
At Corefinity, we offer comprehensive solutions to help protect your e-commerce business against a range of unethical practices. We believe security is of the utmost importance to our clients. It’s one of the reasons why every level of our service agreements – from standard to enterprise – contains scanning, firewalls, and DDoS protection as standard.
We helped one of the UK's largest audio-visual retailers effectively mitigate DDoS attacks and attain a five times growth in revenues. You can read more about this here.
FREQUENTLY ASKED QUESTIONS
How long do DDoS attacks last?
According to an article by Comparitech, a DDoS attack lasted for 30 minutes on average in Q2 of 2021, and this has increased to 50 hours now.
How many DDoS attacks occur per day?
Kaspersky’s Securelist blog found that, on average, there were over 923 attacks daily in Q2 of 2022. This value is projected to increase manifold in the coming years.
Is a DDoS attack permanent?
No, a DDoS attack is not permanent. As discussed above, it requires careful planning for efficient mitigation. Contact us today if you need help.
Are DDoS attacks illegal?
Yes, DDoS attacks are illegal. The National Crime Agency (NCA) outlines that the making, buying, and selling of stresser or booter services can result in a penalty, imprisonment, or both.
Where should I report a DDoS attack?
You can report DDoS attacks to your local cyber law enforcement systems.