Why NZ retailers need to be wary of attacks in the last week before Christmas

18 Dec 15

New Zealand retailers are entering the busiest week of the year ahead of Christmas while the number of Distributed Denial of Service (DDoS) attacks continues to rise. Kiwi retailers of all shapes and sizes now face the difficult challenge of protecting themselves in a threat-filled world, and of not becoming just another company to fall foul of the attackers going into 2016.

What is the real threat?

Of most concern to retail businesses is the growth in the average attack size: in New Zealand it increased markedly from the first quarter of 2015 to the second, from 430.84Mbps to 1.1Gbps.

This is particularly concerning as many retail businesses have Internet connectivity at or below the 1Gbps level, so there are now many more attacks out there that are capable of saturating their connectivity and bringing their websites and online stores down. This illustrates the kind of impact these attacks can have on retailers that are reliant on the Internet to sell their products and services.

The most prominent trend is that the proportion of attacks in New Zealand over 1Gbps is growing. According to Arbor’s ATLAS threat monitoring system, New Zealand has a higher proportion of attacks above 1Gbps than Asia Pacific overall: 35% for New Zealand and 17% for APAC.

This spike in attack size is especially obvious in large and complex reflection amplification attacks, a technique used to magnify the amount of Internet traffic generated and one of the key ways attacks are being launched. The average size of a reflection amplification attack increased everywhere in 2015, and the largest reflection attack in New Zealand was 16.69 Gbps - the “Chargen” attack targeted at port 60806.

How & why should retailers protect themselves from attacks?

Quite simply, layered DDoS defence is the key to overcoming the attackers. The increasing size and frequency of volumetric attacks that can saturate Internet connectivity clearly shows the need for cloud and ISP-based DDoS protection services that can deal with these higher magnitude attacks. However, the stealthier, sophisticated application layer attacks haven’t gone away.

We are definitely seeing application layer attacks on larger organisations on the rise. These attacks can lead to longer recovery times than volumetric attacks and can be harder to detect from the cloud and ISP perspective, which is why ‘always-on’ proactive network perimeter DDoS protection is so important.

These two layers of protection – on premise and cloud, plus network perimeter – work together to protect the availability of key web services from the DDoS threat, reducing the risk of costly business interruption, so should be a key consideration for any retail business wanting to ensure their digital services are not interrupted during the crucial pre- or even post-Christmas sales periods.

Extortion is a key trend

What is becoming more prevalent, sadly, is extortion. It is one of the oldest DDoS motivations, and we have seen significant growth in this area in the past year, some of it well publicised given the DD4BC activity.

This started back in July ’14 and is continuing in Australia and New Zealand currently, with extortion attempts targeting organisations mainly in the finance and retail sector. There have been some fairly well publicised cases in New Zealand particularly, where Arbor worked with Vodafone New Zealand to help protect a leading retailer after an extortion attempt.

The other trend to be aware of is the increasing use of DDoS as a part of broader attack campaigns, usually to distract security teams from either malware infiltration or data exfiltration. If an organisation is targeted with a DDoS attack they must be careful not to lose focus on the monitoring of their internal networks, as the DDoS attack may simply be a smoke screen for something potentially far more damaging.

Sharing threat intelligence really helps win the war against the attackers, as information from other organisations in the same vertical or geography can be very pertinent to the same risks. One key thing to remember is that attackers often share capabilities with each other, making use of their collective capability. New Zealand retailers need to do the same, and they can do that anonymously.

Why are retailers under more threat?

One of the key differences between the finance and retail verticals in New Zealand is the steps taken to deal with threats: whether they are sharing threat intelligence information with others in the same vertical or with government agencies, and how quickly they react to an attack.

The finance and banking sector in particular is fairly advanced when it comes to responding to and sharing threat intelligence in this region; however the retail sector is way behind and is leaving itself exposed to attackers.

Retail organisations need to look at the benefits that can come from sharing threat intelligence; sometimes they are too concerned about ‘helping the competition’ – but the key thing to remember is that sharing intelligence is usually a reciprocal arrangement, and the right information could prevent a hugely embarrassing and costly breach for all parties.

What should retailers look out for in 2016?

There is no doubt that we will continue to see a lot of reflection amplification DDoS attack activity throughout 2016. The latent capability within the Internet, which attackers are more than willing to exploit, still exists so it wouldn’t be surprising to see an attack up at around 500Gbps – higher than any other recorded attack – in the not too distant future.

We will continue to see more of the high-profile breaches we’ve seen in retail over the last year in New Zealand. It is also likely that we’ll become aware of many smaller organisations falling victim to data theft. Many retailers have data that is either directly or indirectly valuable to attackers, and at the moment the value of that data is significantly higher than the cost to the attacker of extracting it.

New Zealand retail organisations need to shift their approach, and fast. They should leverage the data they have more effectively, share intelligence more quickly and usefully, and fundamentally make better use of their existing security resources.

Article by Nick Race, Arbor country manager