DDoS Attacks: What You Need to Know for Cyber Monday

On Cyber Monday, DDoS attacks by hackers typically rise. Not a retailer? You may still be at risk if you use the same 3rd party vendor for payments or other data.

Myth: “I’m not a retailer so I don’t care about Cyber Monday.”Reality: Distributed Denial of Service (DDoS) attacks impact targets and their connected third parties which could mean you.

A DDoS attack can impact your business if hackers decide to disrupt Cyber Monday sales. According to the Verisign Q2 2018 DDoS Trends Report, DDoS attacks increased by 35% during Q2 with average size of the attacks increasing 111% year over year. In other words, if you are a small retailer and use the same third-party vendor as a targeted retailer, you can easily be at risk for a DDoS attack. For example, if you’re using the same payment service provider as a large retailer, an attack on that vendor can impact your ability to do business. Even worse? If you’re the third-party vendor of that targeted retailer, you’re also at risk.

TL;DR: Hackers don’t care about your business’s size or the service provided because a DDoS attack can impact the entire supply chain.

What is a DDoS Attack?

In recent years, DDoS attack definitions have evolved from overwhelming an entire online service to targeting specific servers used for a variety of business operations. DDoS attacks today focus on disrupting a variety of services all or in part, including email, web-based applications, networks, and mobile systems.

What are the types of DDoS attacks?

Wait - you mean there’s more than one? Yes, many types of DDoS attacks exist which makes the threat even greater. At the most basic level, DDoS website attacks are like a company sending you a ton of junk mail that means your bills can’t fit in your mailbox. When your bills get lost in that pile of junk mail, you can end up getting your power shut off due to a late payment.

Whether you’re technical or not, you need to understand the basic threat of DDoS, meaning we need to give you a quick glossary.

DNS Amplification

Technical Explanation: Every network, and every device connected to it, has a specific address called an IP address which is located on your domain name system (DNS). With DNS amplification, a hacker fakes (or “spoofs”) the victim’s address and then sends an overwhelming amount of information to the domain causing it to be overloaded and stop working.

Simplified Explanation: In real life terms, a DNS is like your state and networks are like the streets in a town with each device having its own address on that street. A DNS amplification sends junk mail to all the houses on that street, waiting for people to throw them out, and all that trash clogs up the road.

UDP Flood

Technical Explanation: These attacks made up 56% of the recent DDoS attacks according to Verisign. Although commonly a type of DNS amplification, they work a bit differently. UDP stands for User Datagram Protocol and is what allows applications on your network to talk to one another (“datagrams”, like “telegrams”). UDP protocol attacks focus on weaknesses in security that allow your programs to talk to one another faster. A hacker spoofs your IP address then sends a lot of information to random locations on your network with fake UDP messages.

Simplified Explanation: Applications collaborate the same way your employees work together.  Because the applications need to talk to one another, they are less secure overall since they’re supposed to be using your network like a “private phone line.”  In this case, the protocol attack is similar to a flash mob coming into your office, sitting at your employees’ work stations, and making it impossible for employees to hear each other over the din.


Technical Explanation: Verisign found that in Q2 2018 this type of DDoS attack was the second most common, making up 26% of DDoS system compromises. Networked connections use what we call a “TCP handshake.” One computer asks asks to connect (“a SYN”), the network gets the request (“SYN/ACK”), and then sends back a response (“ACK”). A SYN Flood is when a hacker spoofs your IP address and sends in an overwhelming number of requests to connect. Your network sends back the responses but gets nothing in return. Since it’s overwhelmed waiting to hear back, it just stops working.

Simplified Explanation: If you’re using LinkedIn, it’s the same concept as sending a message to connect with someone, getting them to read it, and then them sending back a message saying “Thank you for connecting!” If you sent out 100 requests to the same person using 100 fake profiles, that person can’t keep up with all the incoming messages.

What do I need to know about a DDoS attack today?

According to Kaspersky Labs’ blog SecureList, cyber criminal activity amped up right before Black Friday and Cyber Monday in 2017. What you know today can help protect you next month. As we’ve said before about cybersecurity awareness, “knowing is half the battle,” but only half.

Tracking real-time threats, the Kaspersky Attack Map showed that from October 1, 2018 through October 22, 2018, network attacks in the United States increased from 1.03 billion to 1.6 billion reaching a peak on October 19 with 1.96 billion. That’s a lot of network attacks right there.

Even more concerning, the Fortinet Threat Map, a real-time map of global cyber attacks, uses blue to highlight DDoS attacks - and the majority target the US. A DDoS attack can cost a small or midsized business anywhere between $120,000 to $2 million, not including reputation costs. Meanwhile, increasingly free and inexpensive DDoS attack tools are available to hackers, who can make these a cost-effective way to disrupt one or more businesses.

But don’t just listen to us - see for yourself. The Kaspersky IT Security Calculator can help you review threats to your industry while looking more granularly at organization size.


IT and telecommunications companies in North America with less than 100 employees experienced the following threats in the last twelve months:

Threats Experienced NA IT & Telecoms


For similar sized retail and wholesale industries during the same period, the threats were:

Threats Experienced NA Retail & Wholesale

All Industries

Across finance, government, retail, IT, and manufacturing, the statistics are even more bleak:

Threats Experienced in NA All Industries

While malware remains the top attack method, likely arising from poor cyber hygiene, DDoS attack maps and statistics mean you need to be constantly monitoring your cybersecurity to keep your business from being the next DDoS attack news headline.

How to stop a DDoS attack using a security-first cybersecurity approach?

Harry Potter’s Mad-Eye Moody said it best when he constantly reiterated, “Constant vigilance!” Whether you’re an e-commerce company or a web-based application startup, a DDoS website attack can ruin you. Moreover, even cloud-based storage solutions and servers all end up being potential targets. If one vendor is attacked, everyone in the cyber ecosystem is attacked. Constant vigilance means continuous monitoring as part of a security-first approach to compliance.

Assess Your Data Environment

Before monitoring, you need to assess your digital footprint. Knowing where your risks of a DDoS attack are greatest can help you put controls in place to monitor, detect, and respond to them. Protecting against attacks requires you to catalog your networks, systems, and software. Additionally, you need to maintain up-to-date vendor lists that include service level agreements aligning their security posture to yours.

Monitor Continuously

Continuously monitoring your data environment will help you detect threats to your network and website. DDoS attacks are tricky little buggers. They try to hide within your networks to look like normal traffic, but they’re really there just like termites, eating away at your protections. To protect against attacks, you need to continuously monitor your environment with a system that alerts you to unusual traffic as a way to identify potential threats.

Respond Rapidly

Actions speak louder than words in a digital ecosystem. The faster you detect an attack, the more rapidly you can respond. A faster response enables you to mitigate the DDoS attack’s effects or prevent damage. Moreover, depending on your industry, you may need to respond and notify affected parties within a specific time frame, which makes continuous monitoring so critical.

Talk to vendors

You may not be the attack target, but one of your vendors may be the weakest link in your security. If you see something, say something. Defining key performance indicators for security in your service level agreements gives you a way to respond to vendors. If they don’t change, then you need to find a new vendor.

Zeguro’s Commitment To Transparency Can Help

Solutions to DDoS attacks feel complex. At Zeguro, our commitment to transparency is founded on three principles to help you regain control when you feel overwhelmed.

  • Honesty. Cybersecurity conversations are difficult. We know that. This is why when we review your risk profile with you, we’ll be honest about how to protect your server from DDoS attacks or how to find a vendor to help you.
  • Clarity. We’re focused on plain language. While explaining what must be done to stop DDoS attacks, we’ll use the clearest, most approachable language possible so that you understand the problem and how to fix it.
  • Simplicity. If you do experience a DDoS attack online, we’ll help help you handle the cyber incident and engage with you directly to make the process less complicated.

For more information about how we can help you, check out our risk management platform or contact us at Zeguro to learn more.

Zeguro is a cyber safety solution and insurance provider for small to mid-sized businesses (SMBs), offering a comprehensive suite of tools for risk mitigation and compliance, as well as insurance premiums that are tailored to the size, sector and profile of a company.
Learn more →

No items found.
Karen Walsh
Written by

Karen Walsh

Contributing Editor

14 years internal audit experience.; award-winning writing professor. Cybersecurity writer focused on compliance and end-user awareness.

Sign up for the latest news

Oops! Please make sure your email is valid and try again.