Two Cybersecurity Threats Retailers Should Watch Out for During the 2020 Holiday Season

It is holiday season again. This is both good news and bad news for the ecommerce industry. It is good news because ecommerce spend is expected to increase by 13.9 percent during the 2020 holiday season -- and could be higher due to the COVID-19 pandemic.

It is bad news because cybersecurity threats generally skyrocket during the holiday season and all indicators have shown that things will be quite serious this year.

In particular, data shows that the scale of Account Takeovers (ATO) and Ransom Distributed Denial-of-Service (RDDoS) attacks will be unprecedented this year. According to a recent study by Imperva, cyber-attacks have increased sharply this year thanks to the increased number of people who will be shopping online due to COVID-19 lockdowns.

In particular, Imperva found that account takeovers (ATO) have more than doubled this year - 62 percent of login pages have been attacked so far this year, in comparison to 25 percent of login pages last year.

According to another study by Akamai, ransom distributed denial-of-service (RDDoS) attacks have tripled in size this year, with the largest of these attacks sending as much as 200Gbps of traffic.

What a Rise in ATO and RDDoS Attacks Mean for 2020 Holiday Shopping

It is first important to realize that this holiday season is unlike any other. First, retailers generally record more sales during the holiday season than at any other time of the year; it isn’t unusual to see retailers making more money in days during the holiday season than they’ve made in months at other times of the year.

Second, due to COVID-19 restrictions, most retailers need to rely on the Internet to generate most or all of their sales during the holiday season.

Unless a retailer understands how both of these attacks work and how they can be prevented, it’s quite possible to make little or no sales during this year’s holiday season.

Account Takeover (ATO) Attacks - An account takeover is a form of attack in which a malicious hacker steals a user’s identity and credentials and then uses this information to take over the user’s online account. This is usually done at scale with a bot.

There are so many risks that emerge from this particular attack as far as a user is concerned. For example, the hacker might change a user’s shipping address and then order several products and have them shipped to the new address. The attacker might also decide to sell the stolen account in the black market -- posing serious privacy issues for the user involved.

The impact on retailers can be even more damaging. Some of the common problems that arise from account takeovers for retailers include:

● Increased chargebacks from users realizing that they’ve been billed for products they did not order -- which can affect standing with the payment service provider

● Retailers being forced to issue refunds for sold items users did not order

● Increased fraud complaints against the retailer involved

● Brand and reputational damage for the retailer involved

● High churn

How to prevent attack takeover attacks

The good news is that account takeovers can be prevented. Here are some ideas:

● Scrutinize user credential changes; in particular password resets and changes to key user information from an unusual location or IP address

● Carefully monitor accounts that are victims of repeated unsuccessful login attempts -- particularly from a strange IP address

● Pay careful attention to IP addresses or locations that are suddenly creating lots of accounts within a short period of time

● In case of the above, it should also be doubly suspicious if the accounts are being created from the same device

● Install a web access firewall (WAF) or solution that monitors your traffic at all times and proactively blocks suspicious activity

Ransom Distributed Denial-of-Service Attacks

Ransom Distributed Denial-of-Service attacks are financially motivated large scale traffic attacks in which bad actors flood a server with unusually high traffic in an attempt to cripple the server and make the site(s) hosted on it inaccessible.

These attacks are usually programmed to come from a lot of different sources and/or locations, making it practically impossible to prevent them by blocking a particular source. The attack can continue for hours or days depending on the motivation of the attacker. The attacker will often ask for funds to be paid via cryptocurrency to call off the attack.

So how do you ensure you don’t fall victim to RDDoS attacks during the holiday season?

  • The first step is to be proactive. You want to anticipate these attacks and take steps before they happen. It would be damaging to suddenly start scrambling for solutions after the attacks have taken place.
  • Check with your ISP to see what options they have in place to protect your website in the case of a DDoS attack.
  • If your ISP has DDoS protection offered, you can also take extra steps by signing up for an independent DDoS mitigation service to ensure you aren’t taking any chances.
  • Ensure you have a web application firewall (WAF) installed that monitors all traffic and then blocks suspicious traffic to your server.

While account takeovers and ransom distributed denial-of-service attacks will most certainly increase during the holiday season, you don’t want to leave anything to chance. The above are basic steps you can take to protect yourself in the event of these attacks.


Kristina Tuvikene is a freelance writer that specializes in working for about cybersecurity and cloud hosting brands.


What’s Hot on Infosecurity Magazine?