top of page

News & Views

DDoS attacks hit retail

According to the latest Threat Intelligence Report (, by threat researchers at NETSCOUT (, cybercriminals are continuing to take advantage of our increased online interactions and transactions, by launching a staggering 5.4 million Distributed Denial-of-Service (DDoS) attacks from January to June 2021.

If this level of activity were to continue, the world would be on track to hit close to 11 million DDoS attacks in 2021 – a record for a calendar year.  Looking specifically at the retail sector, NETSCOUT observed over 41,000 DDoS attacks against electronic shopping and mail-order houses in the first half of 2021, putting it in the top five for vertical industry targets and causing concern ahead of the holiday shopping season.

“From supply chain to security, the retail sector faces a number of challenges as we approach the festive season.  From a cybersecurity perspective, we’re seeing an increasing number of retail firms reporting DDoS extortion attacks – which is when cybercriminals threaten organisations with a DDoS attack unless they pay an extortion demand,” says Hardik Modi, Associate Vice President of Engineering, Threat and Mitigation Products, NETSCOUT.

“These days, DDoS attacks are a matter of when, not if – and a successful attempt can lead to costly downtime and lasting reputational damage.  To protect themselves, online retailers should invest in a robust DDoS mitigation system, which would effectively eliminate the need to worry about public-facing services should they experience a DDoS attack.  As sophisticated tools exist to defend the infrastructure in a worst-case scenario, this gives retailers confidence that the fallout will be minimal.”

“However, this cannot be a ‘set and forget’ or checkbox exercise,” warns Modi.  “It is important to test any DDoS defence system on a semi-regular basis to ensure that any adjustments made to the online infrastructure are reflected in the overall DDoS mitigation strategy.  There must also be a fool-proof plan of action and a full understanding of who to alert – from local regulatory bodies to key stakeholders and security suppliers – should a DDoS attack take aim.  This is particularly true in the event of a DDoS extortion demand.”

The full report can be downloaded at

bottom of page