The financial industry is under attack – as it becomes a top target for distributed denial-of-service (DDoS) efforts.
A report, titled “DDoS: Here to Stay,” by FS-ISAC and Akamai Technologies, highlights a worrying trend, particularly in the Asia-Pacific (APAC) region, where the financial services industry ranked as the third most frequent target of such cyberattacks, trailing only the commerce and gaming sectors.
The study revealed that financial services in APAC were the focus of 11% of DDoS attacks, with banks bearing the brunt in 91% of these cases, a figure that surpasses the global average of 63%.
Attributed to the enhanced potency of botnets and the rise of hacktivism, partly spurred by the ongoing conflict between Russia and Ukraine, the report noted a substantial 154% surge in DDoS attacks on the financial sector from 2022 to 2023. It further revealed that the financial services industry accounted for 35% of all DDoS attacks worldwide in 2023, thus surpassing the gaming sector as the most targeted industry globally.
The research explored how various adversaries, including state actors, ransomware syndicates, criminal organisations, and hacktivists, have adopted DDoS attacks as a tactic within their broader malicious operations. These attacks, often facilitated by affordable DDoS-for-hire services found on the dark web, underscore the critical need for companies to implement cybersecurity practices to lessen their impact.
There was a substantial uptick in the frequency and scale of DDoS attacks throughout 2023, particularly during its second and third quarters.
The findings suggest that entities with significant brand presence, especially large banking institutions, are more susceptible to such threats, although they are also more likely to have robust defence mechanisms in place.
Additionally, the report addressed the repercussions of DDoS attacks, including potential operational disruptions, erosion of customer trust, and economic losses. It also emphasised the strategic use of DDoS attacks in the EMEA region as a means of furthering political agendas, highlighting their role in contemporary cyber warfare, particularly in light of the Russia-Ukraine conflict.
Experts from FS-ISAC and Akamai shed light on the evolving threats.
“While DDoS is an age-old problem, there is a renewed focus driven by heightened geopolitical tensions as nation-states and hacktivists seek to disrupt operations and break trust in the global financial system,” said Teresa Walsh, chief intelligence officer and managing director, EMEA, at FS-ISAC. “These DDoS campaigns are becoming more persistent and increasingly multi-vector as they target all areas of the financial sector, including wealth management, banking, credit cards, digital payments, and insurance.”
Steve Winterfeld, advisory CISO at Akamai, added: “These attacks cost little to launch and can do serious damage to a company’s brand.”
