​As holiday shopping season hits full stride, DDoS barrage threatens retailer profits

Australia has continued its rise as a source of distributed denial of service (DDoS) attacks, according to new figures from Akamai that have also highlighted a likely massive threat to retailers in the leadup to the critical holiday shopping season.

The https://www.stateoftheinternet.com/resources-cloud-security-2015-q3-web-security-report.html" target="_blank">Akamai Q3 2015 State of the Internet Security Report found that Australian sources accounted for 5 percent of attack traffic on the content distribution network (CDN) operator's network – up from 4 percent in the previous quarter. This put Australia in the top 10 sources for DDoS traffic, continuing a trend that has been attributed to the growing availability of high-bandwidth connections over the National Broadband Network (NBN).

John Summers, vice president of Akamai's Cloud Security Business Unit, attributed the surge to the “easy availability of DDoS-for-hire sites that identify and abuse exposed Internet services”.

HTTP web application attacks, for example, increased by more than 96 percent from the previous quarter while PHP injection attacks jumped 238.98 percent, SQL injection attacks jumped 21.64 percent and local file inclusion attacks jumped 204.73 percent.

Attacks against SSDP, which is used by Universal Plug and Play (UPnP) devices in homes, comprised 14.6 percent of all attacks – the second largest DDoS vector. This trend reflects growing concerns about the lack of security in http://www.cso.com.au/article/590007/enisa-how-smart-home-tech-should-secured-isn-t/" target="_blank">consumer devices and the emerging Internet of Things (IoT).

Only HTTPS web application attacks decreased, with a 79.02 percent slide attributed to a return to normal after a surge in HTTPS attacks in the wake of attacks leveraging the high-profile http://www.cso.com.au/article/556172/attacks-against-shellshock-continue-updated-patches-hit-web/" target="_blank">Shellshock vulnerability.

The report had ominous implications for retailers, who were targets in 55 percent of the observed DDoS attacks – far ahead of second-place financial services (14.7 percent), media and entertainment (7.99 percent) and public-sector (7.24 percent) organisations.

The threat to retailers couldn't come at a worse time, with http://www.roymorgan.com/findings/6591-online-shopping-in-australia-june-2015-201512012314" target="_blank">recent Roy Morgan figures suggesting online shopping continues to surge – with 4 in 10 Australians and http://www.roymorgan.com/findings/6589-online-shopping-new-zealand-june-2015-201512012218" target="_blank">half of New Zealanders buying online in any given month. Australians alone spent $37.8 billion online during fiscal 2014/15, according to the Roy Morgan figures.

Interruptions to those sales could have catastrophic consequences for retailers, who already face a barrage of complications from new forms of malware: FireEye, for one, recently http://www.cso.com.au/article/590311/new-payment-card-malware-hard-detect-remove/" target="_blank">reported the identification of FIN1, a Windows bootkit that targets payment card data using a hard-to-detect piece of malware.

Akamai dealt with 1510 DDoS attacks during the quarter – a 180 percent jump over the same period a year ago and 23 percent up from Q2. Online gamers were the most frequently hit with DDoS attacks, while the media and entertainment industry faced the largest DDoS attacks – including an attack that hit its target with what Akamai says is a “record-breaking” 222 million packets per second.

That compared with an overall average DDoS intensity of 1.57 million packets per second. “An attack of this size could bring down a tier 1 router, such as those used by Internet service providers,” Akamai's analysis noted.

Earlier this year, the firm's ongoing monitoring of DDoS trends saw http://www.cso.com.au/article/563945/ddos-volumes-plateau-hackers-try-new-attack-vectors-akamai/" target="_blank">DDoS volumes plateau as hackers tried their hands with new attack vectors. DDoS perpetrators also http://www.cso.com.au/article/571315/ddos-volume-surges-europe-displaces-us-source-security-attacks-akamai/" target="_blank">expanded their focus outside the US earlier this year and in May, Australia became the world's http://www.cso.com.au/article/575650/australia-world-second-most-attacked-web-target-akamai/" target="_blank">second most-attacked target by DDoS perpetrators. This sounded alarm bells at Akamai, which warned that a survey of Australian companies found http://www.cso.com.au/article/560089/australian-companies-unprepared-deal-ddos-attacks-akamai/" target="_blank">most are unprepared to deal with DDoS attacks.

Tags cloud securityakamaiInternet of Things (IoT)CSO AustraliaSSDPcontent distribution network (CDN)State of the Internet Security Reportretailer profitsDDoS barrageCloud Security Business

Show Comments