As holiday shopping season hits full stride, DDoS barrage threatens retailer profits

Australia has continued its rise as a source of distributed denial of service (DDoS) attacks, according to new figures from Akamai that have also highlighted a likely massive threat to retailers in the lead-up to the critical holiday shopping season.

The Akamai Q3 2015 State of the Internet Security Report (https://www.stateoftheinternet.com/resources-cloud-security-2015-q3-web-security-report.html) found that Australian sources accounted for 5 percent of attack traffic on the content distribution network (CDN) operator's network – up from 4 percent in the previous quarter. This put Australia in the top 10 sources for DDoS traffic, continuing a trend that has been attributed to the growing availability of high-bandwidth connections over the National Broadband Network (NBN).

John Summers, vice president of Akamai's Cloud Security Business Unit, attributed the surge to the “easy availability of DDoS-for-hire sites that identify and abuse exposed Internet services”.

HTTP web application attacks, for example, increased by more than 96 percent from the previous quarter while PHP injection attacks jumped 238.98 percent, SQL injection attacks jumped 21.64 percent and local file inclusion attacks jumped 204.73 percent.

Attacks against SSDP, which is used by Universal Plug and Play (UPnP) devices in homes, comprised 14.6 percent of all attacks – the second largest DDoS vector. This trend reflects growing concerns about the lack of security in consumer devices (http://www.cso.com.au/article/590007/enisa-how-smart-home-tech-should-secured-isn-t/) and the emerging Internet of Things (IoT).

Only HTTPS web application attacks decreased, with a 79.02 percent slide attributed to a return to normal after a surge in HTTPS attacks in the wake of attacks leveraging the high-profile Shellshock vulnerability (http://www.cso.com.au/article/556172/attacks-against-shellshock-continue-updated-patches-hit-web/).

The report had ominous implications for retailers, who were targets in 55 percent of the observed DDoS attacks – far ahead of second-place financial services (14.7 percent), media and entertainment (7.99 percent) and public-sector (7.24 percent) organisations.

The threat to retailers couldn't come at a worse time, with recent Roy Morgan figures (http://www.roymorgan.com/findings/6591-online-shopping-in-australia-june-2015-201512012314) suggesting online shopping continues to surge – with 4 in 10 Australians and half of New Zealanders buying online in any given month (http://www.roymorgan.com/findings/6589-online-shopping-new-zealand-june-2015-201512012218). Australians alone spent $37.8 billion online during fiscal 2014/15, according to the Roy Morgan figures.

Interruptions to those sales could have catastrophic consequences for retailers, who already face a barrage of complications from new forms of malware: FireEye, for one, recently reported the identification of FIN1, a Windows bootkit that targets payment card data using a hard-to-detect piece of malware (http://www.cso.com.au/article/590311/new-payment-card-malware-hard-detect-remove/).

Akamai dealt with 1510 DDoS attacks during the quarter – a 180 percent jump over the same period a year ago and 23 percent up from Q2. Online gamers were the most frequently hit with DDoS attacks, while the media and entertainment industry faced the largest DDoS attacks – including an attack that hit its target with what Akamai says is a “record-breaking” 222 million packets per second.

That compared with an overall average DDoS intensity of 1.57 million packets per second. “An attack of this size could bring down a tier 1 router, such as those used by Internet service providers,” Akamai's analysis noted.

Earlier this year, the firm's ongoing monitoring of DDoS trends saw DDoS volumes plateau as hackers tried their hands with new attack vectors (http://www.cso.com.au/article/563945/ddos-volumes-plateau-hackers-try-new-attack-vectors-akamai/). DDoS perpetrators also expanded their focus outside the US (http://www.cso.com.au/article/571315/ddos-volume-surges-europe-displaces-us-source-security-attacks-akamai/) earlier this year and in May, Australia became the world's second most-attacked target by DDoS perpetrators (http://www.cso.com.au/article/575650/australia-world-second-most-attacked-web-target-akamai/). This sounded alarm bells at Akamai, which warned that a survey of Australian companies found most are unprepared to deal with DDoS attacks (http://www.cso.com.au/article/560089/australian-companies-unprepared-deal-ddos-attacks-akamai/).


Stories by David Braue
