Jingle Bells, Retail Sells, Attacks are on the Way (Part 2)

It’s that time of year where retail booms as the world goes shopping for gifts during the holiday season. It’s the time for retailers to shine. It’s also the time where retailers are most vulnerable to security risks as bad actors gear up to target retailers.  In part one of this series, we discussed how PCI-DSS regulations were only a starting point for truly securing your organization against cyber-security risk. In today’s blog we will talk about what to expect this Cyber-Monday.

Internet Commerce

It’s fair to say that the Internet is here to stay. It’s especially the case when we consider purchases we make and how our shopping habits have evolved with online shopping. Internet shopping during the holiday season has become such a major driver of retail sales that in addition to Black Friday, we now have Cyber Monday (on Monday, November 28 this year) which now gives consumers the additional choice to take advantage of fantastic discounts from the luxury of their couch by computer or mobile device.

What can we expect this Cyber Monday?

Cyber Monday gives us the ability to shop great holiday discounts from anywhere in the world, and it allows us to avoid the long lines and inventory related fights that we have grown accustomed to seeing between shoppers each Black Friday over the last few years. While we love all the comforts that Cyber Monday provides us as shoppers this holiday season, let’s not forget that it also starts off the season for DDoS attacks.

In the security industry, we have grown accustomed to botnet style DDoS attacks happening all around us. However, the massive scale of the attack at Dyn has certainly raised the awareness of DDoS attacks in general and the impact these have on our day-to-day lives. Given the recent trend of security breaches and attacks, it just feels like this particular holiday season we are poised for some kind of DDoS attack that’s greater in scale than anything we’ve ever seen that could wreak havoc on the retail industry.

Financial Impact of a DDoS Attack

The impact of a DDoS attack on an Internet Retailer on Cyber Monday is huge from an economic perspective. In 2015, Cyber Monday generated $3.07 Billion, which was an increase of 16% year-over-year, and sales from a Mobile Device or Tablet achieved $799 Million which was also a new record. To put this in perspective, that is about $2.1 Million worth of e-commerce transactions per minute in a 24 hour period. It’s actually not just Cyber Monday as many people shop online over the four day period from Black Friday to Cyber Monday, so any downtime for your system gets magnified during those peak 4 days.

Additionally, data from ShopperTrak shows that in store shopping dropped 10% year-over-year from 2014 to 2015 despite a 17% increase in online shopping on Cyber Monday. This clearly shows that while brick and mortar shopping isn’t going away, online shopping is now becoming the norm during the holiday season.

So, let’s say you are a retailer that has had a sluggish year and you’re counting on this holiday season to really turn things around for your company, specifically by driving sales on Cyber Monday. Imagine what a DDoS attack could do if you have an outage for any extended period of time. For every second, minute, or hour you are down, that’s lost revenue for your company.

What to Watch Out for with a DDoS Attack

There are many different brands and varieties of DDoS attacks, but what they ultimately all have in common is that the objective is to overwhelm the infrastructure serving up an IP address with so many fake requests that it paralyzes the infrastructure preventing legitimate requests from coming in. This is especially impactful for online shopping specifically at times when retailers are expecting high volume traffic to their websites.

The mechanisms often used to deploy DDoS attacks are through botnets. Botnets are generally a number of internet connected computers that are communicating with other machines and they coordinate their actions through Command and Control infrastructure.

A sample attack might look like this:

  1. An attacker has likely built some malware that they can use to begin attacks
  2. They use an exploit to get access and infect a particular machine perhaps even through the social engineering of phishing
  3. From there, they see how they can compromise credentials to give them access specifically to Command and Control infrastructure, likely through Privilege escalation
  4. By gaining these credentials, the bot then moves to the C&C infrastructure and then begins to do damage by overloading the server with fake requests thereby paralyzing the infrastructure

How to Prepare this Holiday Season

As we always say at Core Security, it’s not a matter of if but when an attack happens. With that said, what are some practical things you can do now to put in place prevention and risk mitigation strategies for your company this online season?

  1. Conduct Penetration Tests to identify weaknesses in your infrastructure. Even look to simulate social engineering attacks to test and train your employees and make them aware of the heightened risk this holiday season
  2. Know your Network and Prioritize your Vulnerabilities. Understand your network topology and specifically understand the attack path associated with gaining access to your C&C infrastructure. Make sure you prioritize remediating and patching the vulnerabilities that would give access to critical infrastructure long before Cyber Monday.
  3. Understand Access Risk within your environment. Make sure you quickly remediate any Abandoned or Orphaned Accounts. Make sure you are fully in control of your Privileged Accounts and you can attest and certify that the right people have the right privileges.
  4. Come Holiday shopping time, make sure you are constantly monitoring network traffic. Using Network Detection and Response tools can help you gain visibility to infected devices on your network quickly. Make sure to take immediate action on those infected devices before it’s too late and a botnet gains access to your C&C infrastructure

Don’t be caught unprepared this holiday season. Follow these steps to help ensure your cyber-security and keep your organization, and your customers, safe not only on Cyber Monday but all year long. 

Watch "Getting Inside the Mind of an Attacker"

CTA Text

In this recorded webinar, learn how to defend against common weaknesses vulnerability scanners uncover and attacks targeting TLS.