Retail and hospitality organizations are facing a surge in distributed denial-of-service (DDoS) attacks. As adversaries adopt new tools, leverage APIs, and exploit transactional endpoints, layered defenses and edge-based mitigation have become critical to maintaining uptime and customer trust through the peak holiday season.
What We’re Seeing
In the past year, DDoS activity targeting retail and hospitality has intensified in both scale and complexity. Attackers are no longer simply trying to take down a website — they’re strategically disrupting the systems that generate revenue and power the customer experience.
1. The rise of DDoS-for-Hire services
Booter and stresser platforms have commoditized disruption. For a small fee, even low-skill attackers and hacktivist groups such as Decay, DDoSia, MegaMedusa, and RipperSec can launch large-scale assaults. This accessibility has expanded the threat surface, enabling ideologically and financially motivated actors alike to target retail and hospitality brands.
2. Transactional endpoints under fire
APIs, checkout systems, and booking engines have become prime DDoS targets. Because they handle sensitive customer interactions and generate immediate financial impact, these endpoints offer high leverage for attackers and low cost of execution. In many cases, they are exploited alongside credential-stuffing and bot-driven abuse campaigns.
3. Record-breaking attack volumes
In May 2025, Akamai observed a peak Layer 7 attack reaching 113 billion requests within 5.5 hours — more than 8 million per second — peaking at 81 Gbps. This unprecedented volume overwhelmed several commerce environments and underscores the speed with which attackers can mobilize globally distributed infrastructure.
4. Layered, sequential tactics
Adversaries increasingly combine volumetric (Layer 3/4) and application-level (Layer 7) vectors. These multi-vector assaults often serve as smokescreens for secondary attacks such as credential stuffing, data exfiltration, or fraud, complicating detection and response.
5. Global distribution of attacks
Today’s DDoS campaigns are sourced from cloud-based infrastructure spread across more than 100 countries, with significant concentrations traced to Russia, China, and Iran. The distributed nature of these attacks makes attribution challenging and defense coordination essential.
What We Think
The DDoS threat landscape is evolving faster than most defenses. Three clear trends stand out:
- Escalation in scale and persistence. Threat actors are coordinating across communities, sharing tooling, and leveraging easily accessible cloud resources to maintain pressure on targets.
- Expansion of attack surfaces. APIs and transactional services now represent the front line of DDoS exposure, not just traditional web front ends.
- Necessity of adaptive defense. Static, single-layer solutions can no longer withstand modern campaigns. Attackers exploit every unprotected surface, making continuous tuning and layered visibility non-negotiable.
For retail and hospitality organizations, this evolution means that DDoS resilience is no longer a network-level problem — it’s a business continuity issue. Protecting brand trust and transaction integrity demands a proactive, multi-layered approach.
What You Should Do
1. Strengthen multi-layer defenses
Ensure visibility and mitigation across L3, L4, and L7, particularly for APIs, checkout workflows, and DNS. Cross-functional coordination between security, infrastructure, and digital teams is critical.
2. Block malicious traffic at the edge
The most effective DDoS mitigation happens before traffic reaches origin systems. Edge-based protection absorbs volumetric floods and filters malformed or malicious requests, preserving application availability.
3. Continuously tune defenses
DDoS mitigation isn’t “set and forget.” Apply rate controls, evolve bot-detection rules, and update web application firewall (WAF) policies as attackers shift fingerprints. Measure effectiveness through real-time telemetry and adaptive response.
4. Prepare for peak season
Holiday periods draw both customers and adversaries. Conduct load testing and red-team exercises, review incident-response playbooks, and validate protections for all public-facing hostnames and APIs.
5. Explore emerging visibility tools
Capabilities such as JA4 fingerprinting offer deeper insight into encrypted traffic and attacker behavior. Discuss beta programs or enhanced monitoring rules with your security partners to stay ahead of evolving threats.
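The rate-control and fingerprinting recommendations above can be combined. This added example (not from the original article or any vendor product) counts requests to transactional paths in a sliding window, keyed first by source IP and then by JA4 fingerprint. The log field names, the protected paths, the thresholds, and both JA4 strings are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Transactional path prefixes to protect (assumed names for this example).
PROTECTED = ("/api/checkout", "/api/booking")
# Constructed JA4-shaped strings; not fingerprints of any real client.
BOT_JA4 = "t13d1011h1_aaaaaaaaaaaa_bbbbbbbbbbbb"
BROWSER_JA4 = "t13d1516h2_cccccccccccc_dddddddddddd"

def peak_rates(events, key, window_s=10):
    """Return {key value: peak request count in any window_s-second window}
    for requests to PROTECTED paths. `events` must be sorted by timestamp."""
    windows, peaks = defaultdict(deque), defaultdict(int)
    for ev in events:
        if not ev["path"].startswith(PROTECTED):
            continue  # only transactional endpoints are rate-controlled here
        q = windows[ev[key]]
        q.append(ev["ts"])
        # Drop timestamps that have fallen out of the sliding window.
        while q[0] <= ev["ts"] - window_s:
            q.popleft()
        peaks[ev[key]] = max(peaks[ev[key]], len(q))
    return dict(peaks)

def over_limit(events, key, limit, window_s=10):
    """Key values whose peak windowed request count exceeds `limit`."""
    return sorted(k for k, n in peak_rates(events, key, window_s).items() if n > limit)

def build_sample():
    """Constructed edge-log sample: 40 source IPs sharing one TLS fingerprint,
    each staying under a per-IP limit, plus a few ordinary browser requests."""
    events = []
    for i in range(40):
        for j in range(3):
            events.append({"ts": j * 3 + i * 0.05, "ip": f"198.51.100.{i + 1}",
                           "ja4": BOT_JA4, "path": "/api/checkout/submit"})
    for i in range(5):
        events.append({"ts": i * 2.0, "ip": f"203.0.113.{i + 1}",
                       "ja4": BROWSER_JA4, "path": "/api/booking/search"})
    events.append({"ts": 1.0, "ip": "203.0.113.1",
                   "ja4": BROWSER_JA4, "path": "/index.html"})
    return sorted(events, key=lambda e: e["ts"])

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP over limit 5:  ", over_limit(sample, "ip", limit=5))
    print("per-JA4 over limit 50:", over_limit(sample, "ja4", limit=50))
```

Every real user on the same browser build shares a JA4 value, so a per-fingerprint threshold has to sit well above a per-IP one and works better as a trigger for challenge or review than as an outright block.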
Conclusion
Retail and hospitality organizations operate in high-visibility, always-on environments where downtime equals lost trust and revenue. As DDoS campaigns grow in power and precision, defending against them requires the same agility that defines modern digital business.
The path forward is clear: block at the edge, monitor continuously, and tune relentlessly.
By building resilience now, security teams can ensure that every guest, shopper, and transaction experience remains uninterrupted — even when adversaries are at their busiest.
