Understanding DDoS attacks and the effects on your online business

As an eCommerce merchant, your primary goal is protecting your online solution and keeping your customers safe and sound. However, a plethora of increasingly diverse online threats keeps coming your way, and wading through the virtual muck can be a challenge. One of these threats is a “DDoS attack,” an older method of exploitation that still proves to be difficult to prevent and is capable of causing considerable reputational and financial damage. In fact, research at Neustar shows that the amount of DDoS attacks grew by 154% between 2019 and 2020; while a threat intelligence report by A10 Networks confirms that the COVID-19 pandemic brought record-breaking DDoS attacks, with a 12% increase in the second half of 2020. Let’s take a closer look at what a DDoS attack entails, and what you can do to safeguard against such attacks.

Lokte | eCommerce Security | DDoS

First, let us take a look at “DoS”

“DoS” stands for Denial of Service, a concept that means preventing access to a service or shutting down a service altogether. Let’s imagine a coffee shop with a line of customers outside, waiting for service. If a single person blocks the entrance, other customers are denied access to the service. In the eCommerce version of this scenario, a bad actor exploits a vulnerability in your system, causing a Denial of Service by preventing your customers from accessing your web shop.

For example, when a user searches for a product in an online store, the system communicates with a database containing product information. The results are then returned to the user. If a bad actor finds a vulnerability in your system allowing them to make that search request take longer, they can then execute the same request a thousand times, thereby locking up your database. Consequently, all of your legitimate customers now have to wait until those thousands of requests are processed before they receive their results. This isn’t a distributed attack; it’s an individual exploiting a vulnerability and utilizing it to degrade the experience on your website.

So then what is a DDoS attack?

A “Distributed Denial of Service” attack is the large scale version of a Denial of Service attack, meaning it is executed with the use of multiple entities, computers, etc. The attack happens when several systems, for example, attempt to overflow resources or bandwidth of a specific system, generally one or more web servers - such as those your web shop is hosted on. A DDoS attack usually utilizes several computers, sometimes from hundreds or thousands of hosts containing malware. Bad actors are able to purchase DDoS services and botnets (remote controlled computers, bots) in a relatively cheap and effortless manner, and then they are free to instruct the bots to target a specific website. The targeted website may crash as a result of the attack, depending on their resources, bandwidth, etc.

How does a DDoS attack work?

By default, web servers are set up to handle a specific amount of traffic and connections. Every time you visit a web store, a web server spawns a thread that is unique; this one thread handles your whole browsing experience. Most servers can handle up to a hundred thousand threads. When a bad actor unleashes a botnet of a million computers, it’s likely that the target website will crash, because it simply cannot handle that amount of traffic. The target website will overload, run out of memory, throw errors, etc., or degrade performance enough to make it unusable.

Let’s go back to our coffee shop scenario.

The customers are queued up, and one person blocks the entrance to the shop. At this point, the customers are able to simply walk past the troublemaker. However, if the troublemaker invites a thousand of his closest friends to join him, the large group will enter the shop before the rest of the people waiting can receive service. If every second, another group of a thousand people jump ahead of those queuing at the door, the original line of potential customers will never be able to enter before the steady stream of people stops obstructing the entrance. Eventually, our coffee shop shuts down, because the troublemakers aren’t buying any coffee; they’re simply there to prevent the legitimate customers from purchasing fresh brew. This scene describes the distributed aspect of a Denial of Service.

DoS attacks versus DDoS attacks

Essentially, DoS attacks are easier to operate and lower in cost. They are also far easier to detect - if the inward traffic is recognized as an abnormal traffic spike, the host can take immediate action to block the source of the attack. This means that a DoS attack can be blocked in a relatively short amount of time. It’s far more difficult to withstand DDoS attacks because there are a large number of sources sending requests to flood the target system. In such a case, blocking the source of the attack is nearly impossible, and it becomes difficult to detect and mitigate the attack.

Motives behind a DDoS attack

As with most virtual crime, the motive is generally monetary.

A DDoS attack can be utilized to shut down competition. Imagine two electronics shops in direct competition with one another, each running Black Friday campaigns. If one of these companies hires a DDoS service to execute an attack on their competitor’s website, they could then expect exasperated customers to turn to their store instead as a result of the degraded performance on their competitor’s website. TechRepublic found that companies in highly competitive industries, such as online gambling, are most susceptible to DDoS attacks for this very reason.

A DDoS attack can also be used to extort funds from a company. Instead of dealing with the headache of losing more money as a result of unavailable services, the company may be tempted to cave in and pay off the criminals behind the attack.

A DDoS attack can further be utilized to distract the merchant while something more sinister goes on behind the scenes, such as stealing data or installing malware by generating enough noise to overshadow what is going on.

The aftermath of a DDoS attack

Companies suffer monetary loss in the form of lost revenue, profits, and in some cases, money that has been extorted from them by the online criminals. In any case, an eCommerce solution will suffer financial loss because of legitimate customers’ inability to spend money as they intended.

How to prevent DDoS attacks

Unfortunately, there isn’t a single solution protecting you against DDoS attacks. Ideally, your web host and development house must collaborate in order to implement filters and tweak configurations. There are also dedicated companies such as Cloudflare that help protect companies against distributed attacks with dedicated, ready-made solutions that may also fit your current eCommerce solution. A good hosting provider or managed hosting service will help bolster your solution against DDoS attacks.

For simpler DoS attacks, a pen test may help unearth the vulnerabilities in your system and prevent potential exploitation. Read about Lokte’s dedicated pen test here.