DDoS attacks against financial industry up by 154%

“DDoS attackers use a variety of techniques to annoy, harass, and extort companies. These attacks cost little to launch and can do serious damage to a company’s brand.”

Financial services firms are facing a significant increase in Distributed Denial-of-Service (DDoS) attacks, according to a joint report by FS-ISAC and Akamai Technologies.

Titled “DDoS: Here to Stay,” the research highlights a troubling rise in these cyberattacks, particularly in the Asia-Pacific region where the financial sector is the third-most targeted sector, following commerce and gaming. Notably, 91% of these attacks in the region were directed at banking institutions, a figure that stands at 63% globally.

Geopolitical tensions driving the rise of DDoS attacks

The study indicates that the financial services industry experienced a 154% rise in DDoS attacks from 2022 to 2023, with 35% of all global DDoS attacks targeting this sector. This makes it the most-attacked industry worldwide, surpassing the gaming sector. The escalation is attributed to the increased power of botnets and hacktivism, partly fueled by geopolitical tensions such as the Russia-Ukraine War.

Akamai’s mitigation efforts were highlighted in the report, showcasing their successful defense against the largest DDoS attacks on their clients in the United States, Europe, and the Asia-Pacific, including a record-breaking attack without causing any collateral damage.

The report also sheds light on how DDoS attacks are leveraged by nation-states, ransomware attackers, criminal groups, and hacktivists, often using affordable DDoS-for-hire services found on the dark web. It emphasizes the importance of robust cyber hygiene policies for organizations to mitigate the impact of these attacks.

Key findings from the report include the rapid growth in the number and volume of DDoS attacks, especially during the second and third quarters of 2023. Firms with strong brand recognition, especially larger banks, are more frequently targeted. These attacks not only disrupt business operations but may also serve as a smokescreen for other malicious activities like data theft.

The report highlights a significant regional variance, with the financial services sector in the EMEA region accounting for 66% of all DDoS attacks, compared to 28% in North America. This underlines the use of DDoS as a tool for political motives and cyber warfare, especially highlighted by the situation in Ukraine.

“DDoS campaigns are becoming more persistent and increasingly multi-vector”

Teresa Walsh, Chief Intelligence Officer and Managing Director, EMEA, at FS-ISAC, said: “While DDoS is an age-old problem, there is a renewed focus driven by heightened geopolitical tensions as nation-states and hacktivists seek to disrupt operations and break trust in the global financial system. These DDoS campaigns are becoming more persistent and increasingly multi-vector as they target all areas of the financial sector, including wealth management, banking, credit cards, digital payments, and insurance.”

Steve Winterfeld, Advisory CISO at Akamai, commented: “DDoS attackers use a variety of techniques to annoy, harass, and extort companies. These attacks cost little to launch and can do serious damage to a company’s brand. DDoS: Here to Stay explains why the financial sector will continue to see attacks from a variety of threat actors and demonstrates why organizations must prioritize robust cyber hygiene, optimize cyber defences, and ensure compliance with evolving regulations.”

ION Markets was attacked last year

In March 2023, FIA’s Walt Lukken spoke before the US Commodity Futures Trading Commission’s Market Risk Advisory Committee about the recent ION Markets ransomware attack and announced the launch of a cyber risk taskforce unit.

ION Markets is a software service provider that offers middle- and back-office products to several clearing firms active in futures markets, not only in the US but also in Europe, Asia-Pacific, and the rest of the Americas. Those services are embedded in the execution and clearing workflow at these firms, and any disruption makes it difficult for firms to process their trades promptly and efficiently.

The cybersecurity event was a ransomware attack that forced several European and U.S. banks to revert to manual processes. A memo from Ion obtained by Bloomberg confirmed the attack was the work of the Russian-linked LockBit ransomware gang, who claimed responsibility for the attack and is threatening to leak data stolen from the company on February 4 unless a ransom demand is paid. Bloomberg reported that the attack affected at least 42 of Ion’s clients and forced several European and U.S. financial institutions to process some derivative trades manually.