Zach Varnell, senior AppSec consultant at nVisium, said: “DDoS attacks often go hand-in-hand with ransom notes demanding money to stop the attack. If these ransom notes get paid even at a small fraction of their frequency, DDoS operators will be incentivized to continue such schemes. This sometimes includes making good on their promise to attack those who do not pay up.
“Financial services were originally hit hard by these DDoS ransom threats and for obvious reasons as rich targets for cybercrime. Since there are far more online retailers than financial institutions today, and multiplying in their online presence owing to COVID-19, it is highly likely that targeting this industry is now becoming a lucrative source of ransom threats through DDoS attacks.”
He also pointed out that there are more customers shopping online now and therefore plenty of sensitive customer data to breach and exfiltrate, threatening online retailers who have previously not been security savvy.