Ecommerce DDoS Threats: The Real Cost of Downtime.

As the proud owner of an Ecommerce site, you know everything there is to know about your revenues, overheads, logistics—all the numbers to keep your business in the green. But most Ecommerce owners are in the dark when it comes to keeping their business safe from online threats. You would put a lock on your brick-and-mortar store, so why wouldn’t you do the same for your website?

The Growth of Ecommerce

Since the first online sale in 1994, Ecommerce has taken a steadily larger role in the global economy. By 2000, U.S. Internet sales reached 20 billion dollars, and by 2012 that number had multiplied by 10. With little upfront cost and ease of purchase, entrepreneurs and business owners are racing to get a piece of the Ecommerce pie. And there is no time to lose: B2C global sales topped 1 trillion in 2013.

Threats to Your Online Business

With the Ecommerce market growing every year, it’s no surprise cyber crime is also on the rise. While identity theft and credit card fraud are still prevalent, the preferred method of causing trouble for online businesses is the Distributed Denial of Service (DDoS) attack. DDoS is the result of a hacker, or several hackers, simultaneously sending a barrage of requests to a server. This dramatic spike in requests inundates the server, and either slows the network or shuts it down completely. The average user cannot get through to the website among all these hacker-generated requests, and is thus denied service. As you can see, these modern troublemakers are not exactly busting in with masks and moneybags.

It’s important to note that these DDoS attacks are not meant to steal your money, at least not directly. But the downtime caused by the DDoS strike can indeed be very costly. Every second your site is down means missed sales, missed opportunities. Not to mention losing the confidence of your customers, who expect your website to be reliable.

So then who has the incentive to carry out these attacks? Typically, DDoS attacks are executed, or ordered, by competitors, disgruntled clients or – on occasion – by ex-employees. DDoS is also the preferred method for cyber “hacktivists”, like the Iranian Cyber Fighters of Izz ad-Din al-Qassam or the Syrian Electronic Army.

DDoS in Action

One of the more prominent examples of the threat presented by DDoS attacks to the Ecommerce sector came in late 2013, when a well-known Asian Ecommerce firm was hit with a high-level DDoS assault that lasted for over 150 hours and used one of the most complex DDoS techniques to date.

[Figure: headless browser DDoS attack heatmap]

At the peak of the attack, the victim’s server was averaging +690,000,000 hits a day, more than enough to take down even a Fortune 500 company. And the hackers in question were clever; their requests mimicked human behavior, were camouflaged in 861 user agents, and came from frequently changing IPs.

Fortunately, this business was supported by a known DDoS protection service (Incapsula), which was able to mitigate the attack with a series of cross-verification methods, used to identify and filter out the bot requests from those of authentic users. The outcome? Customers uninterrupted, reputation left untainted. However, as the reports of the attack came out, it was clear that the business was one step away from financial and reputational disaster.

The Real Cost of DDoS

Not only are dollars sacrificed in the aftermath of a successful DDoS attack, but customer trust as well. This means that, when preparing for DDoS attacks, you should consider both short-term and long-term implications. Even if your website can recover, your brand may never recover.

As Ecommerce grows and changes, so will hacker methods of wreaking havoc on the cyber landscape. Today, as DDoS attacks continue to become more widespread, many industry experts are already declaring 2014 to be a “Year of DDoS”. To be prepared, you need to evaluate your weaknesses and decide if you should consult security professionals to help you form an effective DDoS protection strategy.
