Black Friday is just around the corner, and we know what that means for online retailers all over the world: on the one hand, a lot more website traffic, customers, sales and profit, but on the other a higher risk of exposure to cybercrime, potentially leading to financial and reputational damage.
Companies looking to stay one step ahead of cyberattackers during this particular time should gather as much knowledge as possible: from the most common Black Friday threats and exploited vulnerabilities, to the precautions they can take to avoid cyber incidents. One of Alter Solutions’ cybersecurity engineers explains it all.
DDoS attacks: the “stars” of Black Friday cybercrime
“The most prevalent Black Friday threat is, for sure, DDoS (Distributed Denial-of-Service) attacks”, our expert confidently states. Here’s how a DDoS attack works: hackers flood a server with traffic coming from a variety of IP addresses (hence “distributed”), causing the website to crash and making it inaccessible to users.
“This is the biggest issue during Black Friday, because there are already huge amounts of traffic anyway, so the malicious actors can easily leverage that to go unnoticed and aggravate the situation. It is the easiest type of attack for them to use during this time, especially towards big retailers”, he points out.
Now, the motivation behind a DDoS attack can vary. It can be just that – a means to disrupt services and cause financial damage to a company – or it can be used as a smoke-screen, a distraction to mask more invasive attacks (like data theft).
The fact is, in recent years, DDoS attacks have become more sophisticated and destructive. The reason for that is the cloud. “Now you have these cloud services that offer you the ability to scale up quite easily. So, malicious actors often target companies that provide these services: if they can access those, then they can easily scale up the attack. Before the cloud, they actually had to go and compromise each and every device. Now, they only need to access one account from one person who has the credentials to the Cloud Service Provider [CSP], like Amazon Web Services [AWS] or Google Cloud Platform [GCP], and they’re in a good position”, our cyber engineer claims.
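As an added illustration of the “distributed” signature described above (example code written for this article, not code from Alter Solutions), the small Python detector below buckets constructed access-log lines into 10-second windows and raises an alert only when the request rate jumps well above the shop’s baseline and the traffic is spread across many source addresses, so that a genuine sale spike from a handful of shoppers is not flagged. The log format, thresholds and sample traffic are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import IPv4Address

EPOCH = datetime(1970, 1, 1)

def parse_line(line):
    """Assumed (constructed) log format: '<ISO timestamp> <source IP> <method> <path>'."""
    ts, ip, method, path = line.split()
    return datetime.fromisoformat(ts), ip, method, path

def window_stats(lines, window_s=10):
    """Bucket requests into fixed windows: {window_start_iso: (request_count, distinct_sources)}."""
    buckets = defaultdict(lambda: [0, set()])
    for line in lines:
        ts, ip, _, _ = parse_line(line)
        secs = int((ts - EPOCH).total_seconds())
        start = (EPOCH + timedelta(seconds=secs // window_s * window_s)).isoformat()
        buckets[start][0] += 1
        buckets[start][1].add(ip)
    return {k: (n, len(ips)) for k, (n, ips) in sorted(buckets.items())}

def flag_floods(stats, baseline_rps, window_s=10, factor=5.0, min_sources=50):
    """Flag windows whose rate is >= factor x baseline AND whose traffic comes from at
    least min_sources distinct addresses: volume alone is not enough, the spread over
    many sources is the 'distributed' signature that triggers the alert."""
    alerts = []
    for start, (count, sources) in stats.items():
        rps = count / window_s
        if rps >= factor * baseline_rps and sources >= min_sources:
            alerts.append((start, rps, sources))
    return alerts

def build_sample_log():
    """Constructed traffic, not a real capture: 60 s of shopper traffic at 2 req/s from
    four addresses, plus a 10 s burst from 200 distinct addresses sending 3 requests each."""
    base = datetime(2023, 11, 24, 9, 0, 0)
    lines = []
    for s in range(60):
        for j in range(2):
            ip = f"203.0.113.{10 + (s + j) % 4}"
            lines.append(f"{(base + timedelta(seconds=s)).isoformat()} {ip} GET /product/{s}")
    for k in range(200):
        ip = str(IPv4Address("198.51.100.0") + k)
        for j in range(3):
            second = 30 + (k * 3 + j) % 10   # spread the burst over seconds 30-39
            lines.append(f"{(base + timedelta(seconds=second)).isoformat()} {ip} GET /")
    return lines

if __name__ == "__main__":
    for start, rps, sources in flag_floods(window_stats(build_sample_log()), baseline_rps=2.0):
        print(f"ALERT window {start}: {rps:.0f} req/s from {sources} distinct sources")
```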
What are the most exploited vulnerabilities?
Primarily, poor credentials and access management. “Especially high-privileged users, so people that have administrative credentials, should have a higher level of security for their accounts and devices. Still, every couple of months you hear the news of some of those accounts being hacked. That’s because hackers are really good at finding out who these people are and how to get to them. It’s not like they are doing it indiscriminately. They can go to LinkedIn, to the company’s website, and they could even apply to these companies to figure out the hierarchy. So, these attacks are very sophisticated”, Alter Solutions’ expert warns.
How to act preventively?
To address those vulnerabilities before they can be exploited, there are basic preventive measures for password policy and identity and access management (IAM) that all businesses, regardless of their size and scope, should implement: two-factor authentication (2FA) and multi-factor authentication (MFA). However, our cyber engineer warns, “this is not something an organisation can do at a specific time just to avoid the Black Friday chaos. It has to be a continuous process, all year long”.
For administrative accounts, physical security tokens are recommended as a way to raise the level of protection of those assets. “Plus, a more detailed analysis of where these users are logging in from, their IP address, and what they are actually doing makes it easier to detect unusual patterns if something is wrong”, our expert explains. For that purpose, there are tools like UEBA (User and Entity Behaviour Analytics), which can interpret users’ behaviour, raise alerts and temporarily block an account, if necessary.
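To make the login analysis the expert describes concrete, here is an added Python example (written for this article, not code from Alter Solutions or any UEBA product) that builds a per-user baseline of source networks from past successful logins, scores each new login for a new network, an address outside known ranges, a success following repeated failures and the account’s privilege level, and marks accounts for a temporary block when the score is high enough. The event format, address ranges, weights and thresholds are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed login events, not real data: (user, is_admin, source_ip, outcome)
HISTORY = [("alice", True, "203.0.113.5", "success"),
           ("alice", True, "203.0.113.7", "success"),
           ("bob", False, "198.51.100.20", "success")]
NEW_EVENTS = [("bob", False, "198.51.100.21", "success"),   # known net, benign
              ("alice", True, "192.0.2.99", "failure"),
              ("alice", True, "192.0.2.99", "failure"),
              ("alice", True, "192.0.2.99", "failure"),
              ("alice", True, "192.0.2.99", "success")]    # admin, new net, after 3 failures
# Assumed office/VPN egress ranges that the organisation treats as known
KNOWN_NETS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]

def build_baseline(history):
    """Per-user set of /24 source prefixes seen in past successful logins."""
    seen = defaultdict(set)
    for user, _, ip, outcome in history:
        if outcome == "success":
            seen[user].add(ip_network(f"{ip}/24", strict=False))
    return seen

def score_event(event, baseline, recent_failures):
    """Score one login: higher is more anomalous; reasons explain the score."""
    user, is_admin, ip, outcome = event
    score, reasons = 0, []
    if ip_network(f"{ip}/24", strict=False) not in baseline[user]:
        score += 1; reasons.append("new source network for this user")
    if not any(ip_address(ip) in net for net in KNOWN_NETS):
        score += 1; reasons.append("outside known ranges")
    if outcome == "success" and recent_failures >= 3:
        score += 3; reasons.append(f"success after {recent_failures} failures")
    if is_admin and score:
        score *= 2; reasons.append("privileged account")
    return score, reasons

def analyse(events, baseline, alert_at=4, block_at=6):
    """Walk events in order; return (alerts, accounts to block temporarily)."""
    failures, alerts, blocked = defaultdict(int), [], set()
    for event in events:
        user, _, _, outcome = event
        score, reasons = score_event(event, baseline, failures[user])
        failures[user] = failures[user] + 1 if outcome == "failure" else 0
        if score >= alert_at:
            alerts.append((user, score, reasons))
        if score >= block_at:
            blocked.add(user)
    return alerts, blocked
```

Running `analyse(NEW_EVENTS, build_baseline(HISTORY))` alerts on all four of alice’s attempts from the unknown network and blocks the account only once the success following three failures pushes the score past the block threshold, while bob’s login from a known range scores zero.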
Severe DDoS attacks that have happened recently – like this one mitigated by Google and labelled as the largest DDoS attack to date – have also made companies and Cloud Service Providers very aware of the necessity to monitor traffic in real time. “Ultimately, if a cloud service like AWS or GCP is used to attack an organisation, they could be held responsible”, our engineer argues.
So, in addition to scaling up servers as needed in busy times like Black Friday, services like AWS and GCP also provide mechanisms to protect against DDoS attacks. “AWS and GCP are very used to these attacks coming towards them, so they know how to detect and block them, and then apply this knowledge to their clients as well. So, companies that are using AWS or GCP to handle Black Friday traffic are able to profit from their experience in handling cyber threats like DDoS”, our expert suggests.
Ensure full protection with Managed SOC
Another way to strengthen cybersecurity posture is to implement a Managed Security Operations Centre (SOC) solution, which is a complete incident detection and response service that leverages sophisticated tools to monitor businesses’ IT infrastructure, 24/7, protecting it against all kinds of threats and cyberattacks.
According to Alter Solutions’ cybersecurity engineer, having a Managed SOC in place is one of the strongest security strategies a company can have to avoid being hit by cyber threats in general, especially during Black Friday. “In a SOC, we check for any suspicious activity happening, like data exfiltration and so on. It is an additional level of protection of systems, accounts and networks. But, of course, it is not something you can just order for a particular time. It should be continuous”.
Can a DDoS attack be stopped?
It depends on each company’s risk tolerance and strategy. “It’s very difficult to differentiate between a normal user who is actually visiting your website to buy something, and a compromised host who is sending traffic just to access your server. So, in doubtful situations, each company needs to have a policy to decide if they want to block this traffic and risk losing a client, or let the traffic come even though it might be a DDoS attack. It’s a business decision”, our engineer believes.
If the traffic actually goes through and a DDoS attack has room to occur, then the damage has already been done. “You can try to find the root cause, how it happened, how it can be avoided in the future, but it cannot be stopped in the present. All companies can do is learn and prepare to handle it better on a future occasion. That is why prevention is so important”, he argues.
There are, however, small things that can be done to mitigate the impact of a DDoS attack. For example, Google Cloud Platform allows companies using its servers to store IP addresses in different regions and continents, so that, if an attack of this kind occurs, it cannot succeed completely.
The consequences of poor cyber resilience
Businesses that have no cybersecurity strategy or instruments in place, especially during high-traffic periods like Black Friday, naturally risk falling victim to DDoS attacks and other threats. The damage is mostly financial and reputational.
“During Black Friday, the whole idea is to increase sales and make money. So, if a client tries to buy something and can’t, first of all he’s not spending his money on the company, and that’s the first loss, but then he might go buy the same product from a competitor. In addition, if a retailer’s online unavailability hits the news or social media, it can bring down the reputation of the company very fast”, our cybersecurity expert concludes. Once again, prevention is key.