E-commerce sites are being urged to ensure that they have adequate DDoS protection ahead of the vital holiday trading season after attacks ramped up on Black Friday and Cyber Monday.

DDOS attacks reached their highest levels in November on two of the busiest online trading days of the year, statistics show.

On Black Friday, DDoS protection provider Link11 saw DDoS attacks on e-commerce providers increase by more than 70% compared with other days in November. On Cyber Monday, attacks increased by 109% compared with the November average.

Several attacks observed during Black Friday and Cyber Monday were of up to 100 Gbps, with the average attack on both just under 6Gbps compared with an average of 4.6 Gbps for the months of July to September, which represented a 40% increase compared with the previous quarter.

According to Link11, attacks approaching 6 Gbps “far exceed” the capacity of most websites. In the light of that fact, Link11 is warning online merchants, payment providers and logistics companies to expect further large-scale DDoS attacks in the run-up to the Christmas break.

Marc Wilczek, managing director of Link11, said the e-commerce industry has high expectations of the Christmas trading period. “Both criminals and competitors will take this as an opportunity to cause disruption to or extort the e-commerce industry.

“The growing ‘cybercrime-as-a-service’ sector favour this development. Online retailers should take action now to strengthen their IT security defences against DDoS attacks, in advance,” he said.

To ensure they are better protected against DDoS attacks, which could see them out of business for hours and even days, e-commerce providers can either invest in expanding their infrastructure to absorb peak loads with their own resources or deploy an adaptable cloud defence system.

If e-commerce providers choose the first option, they risk DDoS attackers being able to deliver ever greater attacks to overwhelm services, putting companies with online infrastructures that offer delivery and or payment processing services at risk to DDoS incidents in the run-up to the Christmas holiday.

However, there are ways of detecting and mitigating DDoS attacks that any business dependent on the internet can and should use, he told the Isaca CSX Europe 2017 conference in London.

It is important that such organisations take time and effort to build their DDoS defence capabilities, he said, because DDoS attacks are fairly easy and cheap for attackers to carry out.

“With the advent of botnet-based DDoS attack services that will be effective against most companies, anyone can target an organisation for just a few bitcoins,” said Parikh. “Competitors and even disgruntled employees are able to carry our DDoS attacks that can result in loss of reputation as well as lost business worth a lot more than the attacks cost,” he said.