Attacks Longer Against E-commerce Sites

Thursday, October 20, 2011 @ 12:10 PM gHale


Distributed denial of service (DDoS) attacks against e-commerce sites last 40% longer than average DDoS attacks, according to new research from VeriSign.

Since Jan. 1, 2011, DDoS attacks mitigated by Verisign for its e-commerce customers lasted significantly longer than the DDoS attacks it mitigated for all other customer verticals combined, the report said.

RELATED STORIES
ICS Threat Brewing; Target Unclear
Old Becomes New: DLL Loading is Back
Weak Sites Victimize Visitors
Beware of Printers Spreading Malware

The longer time for DDoS attacks targeting e-commerce sites is the result of the complexity of the attacks, the value of the sites, and the persistence of the attackers, said Sean Leach, vice president of technology with VeriSign’s Network Intelligence and Availability Group.

“If it is an e-commerce site that generates the vast majority of its revenue online, the bad guys are going to be very persistent. As web applications become more complicated, so do the attacks that target them”, Leach said.

In a report issued in the spring, Verisign said successful DDoS attacks can bring down sites for hours or even days, causing businesses to suffer losses in the millions and damaging a company’s brand and customer relationships.

In addition, attacks against the Domain Name System (DNS) result in significant downtime for top-ranked e-commerce sites, according to Verisign’s State of DNS Availability Report for the second quarter of 2011. The report calculated the minimum, maximum, and average DNS availability of 1,000 websites during the second quarter.

“The nature of the [DNS] protocol makes it much easier to attack than something like http. Now http is the most commonly attacked protocol… But we are also seeing a large number of attacks against DNS,” Leach said. “If your DNS is down, there goes your availability,” he added.

In addition, the study found that minimum DNS availability averaged 95% for U.S. sites that host their own DNS, while U.S. sites using third-party managed DNS services averaged a minimum DNS availability of 97%. This 2.3% difference in minimum availability equates to 40 more minutes of downtime daily for sites with internally managed DNS, according to the study.



Leave a Reply

You must be logged in to post a comment.