Cyber Grinches Look to Make Retailers’ Second COVID Christmas Rougher Than the First



As retailers hit the home stretch of their second COVID Christmas, they are navigating a broader set of challenges than they bargained for. After an accelerated shift to ecommerce, propelled by no-contact, socially distanced shopping, changed the holiday shopping landscape in 2020, many hoped 2021 would bring a return to normalcy. Instead, retailers are facing more hurdles as they hit their most critical time of year.

Now in the thick of holiday shopping season, uncertainties throughout the global supply chains have made this year more critical — and precarious — for retailers. Some have been struggling for months with low stock and delayed orders atop issues like hiring shortages. Concurrently, online traffic and digital touchpoints have ramped up amid the holiday countdown, both as consumers compare options and as retailers seek to build all-important, revenue-driving connections.

Coming out ahead amid so much uncertainty seems like it may require nothing short of a miracle, especially when considering the modern-day Grinch lurking in the wings: cyberattackers. The FBI and the Cybersecurity & Infrastructure Security Agency (CISA) issued a joint reminder of the importance of remaining vigilant during the manic holiday season, as retailers and brands could be on the receiving end of various attacks that easily derail momentum.

Top of the Naughty List

For retailers, the growing reliance on ecommerce to drive business has made them a rich target for cybercriminals. Nowhere is this more evident than with distributed denial-of-service (DDoS) attacks. One recent study found that “DDoS incidents on ecommerce sites spiked 200% in September 2021,” with the leap attributed to heightened bot activity. Sophisticated as-a-service options enable even novice attackers to order and easily deploy a botnet attack.

DDoS threats may range in size and severity, but all can wreak havoc on retailers. The largest attacks can yield valuable information about a company’s defenses before the target even has time to react. Lower-level attacks can degrade website performance, driving shoppers (and profits) away. The associated ransom-related DDoS (RDDoS) attacks extort would-be victims by threatening to take their systems offline via a DDoS attack. Rather than investing in proper prevention, companies may end up paying millions in ransom to keep attackers at bay.

In addition to DDoS attacks, retailers are prone to various DNS threats. Zombie, or botnet-based, domain attacks use a botnet to submit requests to local or self-managed DNS services for domains that do not exist, overloading DNS system resources and degrading performance for legitimate users. Domain hijacking occurs when a bad actor gains control of a target’s DNS information and makes changes, such as redirecting traffic to capture sensitive information. And DNS cache poisoning sends legitimate traffic along a poisoned route, delivering users to a bad address that is then cached on their computer and leads to further damage.
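The botnet-based attack above leaves a clear trace in resolver logs: a handful of clients generating a flood of NXDOMAIN answers for names that never existed. The following detection script is an added example, not code from the article or from Neustar; the log format, the sample lines and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
import re

# Constructed resolver log lines in an assumed "<epoch> <client_ip> <qname> <rcode>"
# format; one client hammers the zone with random, non-existent labels.
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example-shop.test NOERROR
1700000001 10.0.0.5 cdn.example-shop.test NOERROR
1700000001 203.0.113.7 a8f3k2.example-shop.test NXDOMAIN
1700000001 203.0.113.7 q9z1mm.example-shop.test NXDOMAIN
1700000002 203.0.113.7 x0x0x0.example-shop.test NXDOMAIN
1700000002 203.0.113.7 pp12aa.example-shop.test NXDOMAIN
1700000002 203.0.113.7 www.example-shop.test NOERROR
1700000003 10.0.0.9 typo.example-shop.test NXDOMAIN
1700000003 10.0.0.9 www.example-shop.test NOERROR
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse_log(text):
    """Yield (timestamp, client, qname, rcode) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, qname, rcode = m.groups()
            yield int(ts), client, qname.lower(), rcode

def nxdomain_stats(text):
    """Per-client totals: queries seen, NXDOMAIN answers, distinct NXDOMAIN names."""
    stats = defaultdict(lambda: {"total": 0, "nx": 0, "nx_names": set()})
    for _, client, qname, rcode in parse_log(text):
        s = stats[client]
        s["total"] += 1
        if rcode == "NXDOMAIN":
            s["nx"] += 1
            s["nx_names"].add(qname)
    return stats

def flag_nxdomain_floods(text, min_queries=4, min_ratio=0.6):
    """Return clients whose NXDOMAIN share AND query volume exceed the (assumed)
    thresholds; a single typo from 10.0.0.9 stays below min_queries and is ignored."""
    flagged = {}
    for client, s in nxdomain_stats(text).items():
        ratio = s["nx"] / s["total"]
        if s["total"] >= min_queries and ratio >= min_ratio:
            flagged[client] = {"total": s["total"], "nx": s["nx"],
                               "distinct_nx": len(s["nx_names"]),
                               "ratio": round(ratio, 2)}
    return flagged
```

In practice the ratio and volume thresholds should be derived from the resolver's own normal traffic so that legitimate typos and expired links are not reported.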

Beyond targeting brands, attackers are increasingly seeking opportunities to exacerbate challenges throughout the supply chain by pursuing a brand’s trusted partners, such as vendors who handle shipping, logistics and other critical operations. The bottom line? ‘Tis the season for retailers to prioritize cybersecurity, both within the organization and across partner relationships.

Making a Cybersecurity List, Checking it Twice

For retailers without explicit DDoS mitigation or DNS security strategies in place, now is the time to develop and implement them. Investing time and resources in prevention will be less costly — in terms of both financial and reputational impacts — in the long run.

For DDoS prevention, brands can take four steps to improve vigilance and thwart would-be attackers:

1. Identify assets at risk. Before implementing a solution, it is important to identify what is at risk. Security personnel should develop a list of what needs to be protected so that customers are served uninterrupted.

2. Determine optimal solutions. Many options are available for protecting online channels against DDoS attacks, so it is important to consider the best fit. Protection through an ISP or cloud service provider can be a simple solution, particularly if assets are not extensive or do not require high-level protection, expertise or customization. A DDoS mitigation service may be better suited to enterprises with a larger network or where downtime can’t be tolerated; however, these off-the-shelf solutions may not accommodate every network configuration. Finally, a fully managed cloud DDoS platform can be advantageous for complex, extensive infrastructure or digital assets.

3. Consider mitigation strategies and requirements. Many questions will need to be answered to determine the specific capabilities that will match network configuration and operational needs. For instance, how best to divert traffic? Does service need to be always-on or on-demand? Each approach has its strengths and weaknesses.

4. Monitor and communicate. Brands should know their ‘peacetime’ traffic and share that information with their DDoS protection provider so they can watch for anomalies. Key metrics to provide include total inbound traffic under normal circumstances; predictable cyclic variations in traffic volume (daily, weekly, monthly); scope of IP address space; ports, protocols and applications running in each subnet; and a run book for each critical asset, detailing required protections and allowable downtime, if any.
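Step 4 only works if "peacetime" is recorded per hour of the day, so that the evening shopping peak is not mistaken for an attack while a 3 a.m. surge is. This baseline-and-alert script is an added example, not code from the article or from Neustar; the Gbps readings, the sigma multiplier and the minimum absolute delta are constructed assumptions.

```python
from statistics import mean, pstdev

def build_baseline(history):
    """history: hour_of_day -> list of peacetime readings (Gbps) for that hour across
    several days. Returns hour -> (mean, stdev), which captures the daily cycle."""
    return {h: (mean(v), pstdev(v)) for h, v in history.items()}

def flag_anomalies(baseline, observed, sigma=3.0, min_abs_delta=0.5):
    """observed: list of (hour_of_day, reading). An hour is flagged when the reading
    exceeds the hour's mean by more than `sigma` standard deviations AND by at least
    `min_abs_delta` Gbps; the second guard stops near-zero stdev at quiet hours from
    turning tiny blips into alerts. Both parameters are assumptions to be tuned."""
    alerts = []
    for hour, reading in observed:
        mu, sd = baseline[hour]
        threshold = max(mu + sigma * sd, mu + min_abs_delta)
        if reading > threshold:
            alerts.append({"hour": hour, "reading": reading,
                           "baseline": round(mu, 2), "threshold": round(threshold, 2)})
    return alerts

# Constructed peacetime history: five days of readings for three hours of the day.
HISTORY = {
    3:  [0.20, 0.22, 0.19, 0.21, 0.20],   # overnight lull
    12: [1.50, 1.60, 1.45, 1.55, 1.50],   # midday peak
    20: [2.10, 2.30, 2.20, 2.25, 2.15],   # evening shopping peak
}

# Constructed readings for one day: 12:00 and 20:00 are ordinary busy hours,
# while 03:00 carries a 5 Gbps flood against a baseline of roughly 0.2 Gbps.
TODAY = [(3, 5.00), (12, 1.58), (20, 2.35)]

if __name__ == "__main__":
    for alert in flag_anomalies(build_baseline(HISTORY), TODAY):
        print(alert)
```

The same per-hour baseline, extended to days of the week and to the campaign calendar, is what the provider needs in order to tell a launch-day rush from an attack.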

While DDoS attacks are a priority, it is critical to not overlook DNS security. Maintaining security involves implementing a number of best practices, as there is no single solution. Brands should consistently maintain security reviews, vulnerability patches, good account hygiene and appropriate access controls. To augment these practices, retailers may consider DNS Security Extensions (DNSSEC).

DNSSEC seeks to prevent DNS attacks that deliver bad or false responses to a device’s query — through cache poisoning, domain hijacking, etc. — by validating a DNS address and providing end-to-end integrity checks. Ultimately, it helps ensure that traffic is legitimate, and it has become mainstream and more accessible to businesses of all sizes.

Better Watch Out

As the FBI and CISA advised, vigilance is critical. Cyber Grinches are always striving to be one step ahead, so retailers must revisit their security precautions regularly and keep up with best practices to ensure they are well positioned for a merry holiday and beyond.

Brian McCann
Brian McCann joined Neustar in October 2019 as EVP and President of Security Solutions. He is responsible for the vision, strategy, operations and stakeholder satisfaction of the company's cloud-based and data-driven security solutions business including Neustar's industry leading application security, DNS, security intelligence and website performance management offerings. Brian has more than 25 years of executive leadership experience in high-growth security and technology businesses and previously held senior leadership roles at NETSCOUT and ONPATH.

