[BreachExchange] Going, going, gone: e-Commerce and DNS attacks

Destry Winant destry at riskbasedsecurity.com
Wed Oct 3 10:08:55 EDT 2018


Super sales days like Amazon Prime or Alibaba’s Singles’ Day can be
tough for consumers looking for a bargain, but are even harder for
retailers looking to secure themselves against all kinds of attacks
and to provide the seamless continuity that eager shoppers expect from
sellers in the current age. A particular threat retailers face all
year round, but especially on high-traffic days like Black Friday, is
DNS attacks. In the rush to make sales, many businesses can get it all

Research conducted by The Telegraph suggests the last two years saw
173 million people being affected by cyber attacks in the retail
sector alone. The colossal amount of data retailers have to deal with
makes them a very lucrative target to would-be attackers. When online
game vendor Steam held a ‘Steam Sale’, the site’s activity increased
by 2,000 per cent. Due to a two-wave attack, 34,000 users were shown
personal information belonging to other users and were also prevented
from making purchases themselves.

EfficientIP’s 2018 Global DNS Threat Report revealed that businesses in
the retail sector alone experienced an average of seven attacks in the
past 12 months. Over that period, these attacks cost retail
organisations an average of almost $4m ($3.99). The 7 attacks on
average in 2018 compare to 4 attacks in 2017 costing a mere $1.7m. The
number of attacks and the attached costs have therefore increased
considerably in just a single year.

Marred with cyber threats, not only do these attacks compromise the
brands’ websites, the damage goes beyond, to the very brands
themselves. The report revealed that as a consequence of a hack, 30 per
cent of retailers suffered brand damage, shaking customer loyalty in
the process and at a time when it is needed more than ever.

Keeping the online store up and running

Not only does this break in business continuity impact the brand’s
reputation, it also affects it financially. Big days for retail like
Black Friday and Cyber Monday have consumers flocking to retail
websites. As website traffic increases, so does load on the server.
These instances require retailers to be armed and ready to handle
heavy website traffic, while providing seamless user experiences to
each of their customers.

One way of ensuring retail websites don’t crash under pressure is to
have high performance DNS able to handle large volumes of DNS queries.
As traffic increases, network automation provides systems the backup
needed to tackle increased incoming traffic and allows user experience
to be seamless. Lack of it costs businesses, and 6 per cent of
retailers also admitted to an attack costing them between over $1
million and $5 million.

With 36 per cent of retailers reporting cloud service downtime and 39
per cent a compromised website, retailers need to ensure they have
the proper threat detection and countermeasures in place. Retailers
should have business continuity in mind when protecting their
networks. Cloud service downtime dropping by 11 per cent is an
encouraging step in the right direction. This dose of optimism is
tempered only by the fact that 34 per cent of retailers
had a compromised website in 2017. This highlights that retailers need
to stay vigilant at all times and that the progress made since last
year is insufficient.

Securing DNS is a priority for e-commerce

The 2018 Global DNS Threat Report also revealed 91 per cent of
retailers agree and understand the importance of DNS security for
their business.  However, their approach to DNS security is not the
best. More than any other sector, nearly a third (32 per cent) of
retailers choose to add more firewalls to protect their network,
specifically against data theft. Firewalls alone are inadequate
protection as they merely provide a peripheral view of DNS queries,
limiting the chances of threat detection.

The retail sector seems to be taking note of the importance of logging
DNS queries, as 87 per cent of retail brands claim to analyse their
DNS traffic. However, adequate education to combat DNS threats seems
to be an issue, as 37 per cent of retailers claim to take three days to
patch a vulnerability and 27 per cent a full week!

Brands can only protect themselves if they understand the variations
of these stealthy DNS attacks. As the complexity and sophistication of
attacks increase, retailers are hit by newer, and more diverse,
attacks. DNS-based malware and phishing stand out as the preferred
modus operandi. In the past twelve months, they constituted 31 per
cent and 39 per cent of attacks in the retail sector respectively.

Always be selling

The retail sector needs to ramp up its security and network management
to avoid further catastrophes and ensure optimal performance and user
experience. This can be achieved by acknowledging DNS security as a
key component of the overall network security strategy. EfficientIP
recommends retailers enhance their threat intelligence on domain
reputation with data feeds which can provide threat insight from
global traffic analysis. It will protect them from internal and
external attacks by blocking malware activity and mitigating data
exfiltration attempts.

Applying adaptive countermeasures via graduated security measures
relevant to threats will ensure business continuity for retailers,
even in situations when the attack source is unidentifiable. It also
mitigates the risk of blocking legitimate traffic.

Monitoring and analysis of DNS transactions will reduce the risk of
data theft, often achieved by hackers via DNS tunnelling, which currently
impacts over a quarter (26 per cent) of retailers. By embedding a
security layer at the heart of the protocol in the DNS server itself,
you’re able to get real-time, context-aware threat detection and

Incorporating DNS into a global network security solution to recognise
unusual or malicious activity, while informing the broader security
ecosystem, will assist brands in holistic network security.

Avoid becoming the prey of bargain-hunting hackers

The retail sector is a vulnerable target for hackers because of the
high amount of traffic it experiences on a daily basis. This makes it
imperative for brands to tighten their security by bullet-proofing
their network against DNS threats. With online sales becoming more
frequent and global e-commerce shopping events becoming more and more
popular, only e-retailers offering the most seamless and secure
experience will be able to retain their customers’ loyalty.
