In the dynamic world of cybersecurity, November 13, 2023, marked a significant milestone for Imperva as we successfully mitigated the largest application-layer DDoS attack we’ve ever recorded in the retail industry. The target was a prominent Indonesian eCommerce platform, known for its diverse offerings—ranging from electronics to fashion, and a marketplace that hosts a variety of sellers.
The attack originated from over 6,300 unique IP addresses, predominantly from the United States and Indonesia, with an average risk score— the probability that the IPs are involved in criminal activity—of 79%. The attack escalated to a staggering 2.3 million requests per second (RPS) within just six minutes. This set a new benchmark for application-layer DDoS attacks in the retail domain, and is now a record-holder for Indonesian websites.
Typically, DDoS attacks targeting the retail industry are employed to disrupt sales, interfere with product launches, and divert customers to competitors. During this attack, we monitored an increase in traffic to competitor sites. On average, retail sites experience a peak of 340,000 RPS per month, facing around 60 attacks daily. During the holiday season, these levels will commonly spike, reaching an average peak of 530,000 RPS.
The recent attack, however, signifies a staggering 353% surge from these averages, dwarfing even the previous record for a retail DDoS attack, which stood at 1.2 million RPS. This incident not only doubled the size of the previous record, but underscores a worrying trend.
Application-layer DDoS attacks, particularly in the retail industry, are becoming an increasingly prevalent and formidable threat. Over the past year, retail alone has seen a 417% increase in DDoS attacks. These attacks, which are becoming easier and more affordable for cybercriminals to execute, can lead to significant revenue loss, reputational damage, and the loss of customers to rival businesses. This latest incident is a stark reminder of the escalating scale and sophistication of cyber threats in retail, signaling a critical need for enhanced cybersecurity measures.
It’s important to remain vigilant and ensure your sites are protected. Visit the Imperva DDoS Protection product page to learn how Imperva can help your business guard against threats.
Try Imperva for Free
Protect your business for 30 days on Imperva.