DDoS (Distributed Denial of Service) attacks against financial services are surging, coinciding with escalating geopolitical conflicts.
In 2023, the financial services industry saw a significant increase in DDoS attacks, making it the most frequently targeted sector. According to a report from FS-ISAC and Akamai, these attacks rose 154% year-over-year, primarily due to the rise of hacktivist groups and increasingly powerful botnets.
The surge in DDoS attacks is partly attributed to a shift towards application-layer (Layer 7) attacks, which are harder to detect and mitigate because they mimic legitimate user traffic and exploit application vulnerabilities. The financial sector accounted for about 35% of all DDoS attacks in 2023, surpassing the gaming industry, which had previously led all sectors.
The increase in DDoS attacks is also linked to the use of these attacks as a smokescreen for more complex threats like account takeover or money laundering. Global sources of attacks are diverse, with top originating countries including Russia, the US, and Brazil.
The impacts of DDoS attacks on the financial services sector are far-reaching. Service disruption and business downtime can lead to substantial operational interruption, degraded customer trust, and lost revenue. Costs can reach up to $22,000 per minute of downtime for affected businesses. Financial losses are amplified by associated cybercriminal activity hidden behind attacks.
The rise in attack duration and scale complicates mitigation efforts. For instance, a notable Layer 7 attack lasted for 65.5 hours. The attacks are becoming larger in volume, with the peak of a recorded DDoS attack reaching 633.7 gigabits per second and 55 million packets per second.
Preventing DDoS attacks requires a multi-layered approach. Employing advanced DDoS mitigation services with real-time traffic analysis and scrubbing to filter malicious traffic is crucial. Regular infrastructure stress testing strengthens resilience and helps identify weaknesses in defenses. Incident response planning aids rapid containment and recovery.
Access and credential management, tightening internal data access, enforcing strong password policies, and eliminating stale or ghost accounts reduce the attack surface. Botnet detection and blocking minimizes DDoS vectors. A layered defense approach, combining network-layer protections with application-layer defenses, is essential to counter evolving attacks.
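The point above about application-layer floods mimicking legitimate traffic, as an added example that is not taken from the reports cited: in these constructed log events every bot stays under a per-client rate limit, so only an aggregate per-endpoint check flags the flood. The window size, thresholds, addresses and the `/login` path are assumptions chosen for illustration.

```python
from collections import defaultdict

WINDOW = 10           # seconds per bucket (assumed)
PER_IP_LIMIT = 5      # allowed requests per client per window (assumed)
BASELINE_WINDOWS = 6  # leading windows used to learn normal volume (assumed)
SPIKE_FACTOR = 4      # flag a path at this multiple of its baseline (assumed)

def build_sample():
    """Constructed events (second, client_ip, path); not real traffic."""
    events = []
    for t in range(120):                      # 5 normal clients for 120 s
        for c in range(5):
            if t % 10 == c:
                events.append((t, f"10.0.0.{c}", "/login"))
    for t in range(60, 120):                  # 200 bots join at t=60,
        for b in range(200):                  # each sending 1 request per 10 s
            if t % 10 == b % 10:
                events.append((t, f"198.51.100.{b}", "/login"))
    return events

def bucket(events):
    per_ip = defaultdict(int)     # (window, ip) -> request count
    per_path = defaultdict(int)   # (window, path) -> request count
    clients = defaultdict(set)    # (window, path) -> distinct client IPs
    for t, ip, path in events:
        w = t // WINDOW
        per_ip[(w, ip)] += 1
        per_path[(w, path)] += 1
        clients[(w, path)].add(ip)
    return per_ip, per_path, clients

def per_ip_offenders(events):
    """Clients exceeding the per-client limit in any window."""
    per_ip, _, _ = bucket(events)
    return sorted({ip for (_, ip), n in per_ip.items() if n > PER_IP_LIMIT})

def aggregate_anomalies(events, path):
    """Windows where total volume on `path` exceeds SPIKE_FACTOR x baseline."""
    _, per_path, clients = bucket(events)
    windows = sorted(w for (w, p) in per_path if p == path)
    if len(windows) <= BASELINE_WINDOWS:
        return []                 # not enough history to judge
    baseline = sum(per_path[(w, path)] for w in windows[:BASELINE_WINDOWS]) / BASELINE_WINDOWS
    return [(w, per_path[(w, path)], len(clients[(w, path)]))
            for w in windows[BASELINE_WINDOWS:]
            if per_path[(w, path)] > SPIKE_FACTOR * baseline]

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP offenders:", per_ip_offenders(sample))
    print("flagged (window, requests, clients):", aggregate_anomalies(sample, "/login"))
```

The per-client check returns nothing, while the aggregate check flags every window after the bots join, each with a sharp rise in distinct clients.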
Successfully disrupting operations in the financial services sector can lead to severe reputational risks and distrust in the global financial system. For instance, Teresa Walsh, chief intelligence officer and managing director, EMEA, at FS-ISAC, stated that such disruptions can have significant consequences. Akamai prevented a DDoS attack on a major U.S. financial institution in September, highlighting the importance of robust defenses.
Conor McLaren, principal adversary hunter at Dragos, stated that these attacks, while often unsophisticated, can draw significant attention to geopolitical and social causes. The Russia-Ukraine war in February 2022 and the Israel-Hamas war in October are cited as examples of such periods of geopolitical conflict.
In conclusion, the rise in DDoS attacks against financial services in 2023 reflects a growing complexity in attack methods and increasing exploitation of internal security weaknesses. Effective mitigation requires continuous investment in advanced, layered defenses and proactive security governance.
- The rise in DDoS attacks, especially application-layer attacks that exploit vulnerabilities, has highlighted the need for financial businesses to invest in advanced cybersecurity solutions.
- As business losses from DDoS attacks are amplified by associated cybercriminal activity, it's essential for the finance sector to prioritize a multi-layered approach to cybersecurity, including botnet detection and blocking, regular infrastructure stress testing, and incident response planning.
- The continual evolution of DDoS attacks, which often draw attention to geopolitical and social issues, underscores the importance of a layered defense approach that combines network-layer protections with application-layer defenses.