Financial institutions experience a surge in Distributed Denial of Service (DDoS) attacks amidst escalating geopolitical strife

Financial institutions experience a surge in Distributed Denial of Service (DDoS) attacks amidst escalating geopolitical strife

=======================================================================

The financial services sector experienced a significant rise in Distributed Denial of Service (DDoS) attacks in 2023, making it the most frequently targeted sector, according to a report from FS-ISAC and Akamai.

By October, security researchers warned of a novel zero day vulnerability, known as HTTP/2 Rapid Reset, being used to launch some of the most powerful DDoS attacks ever recorded. These attacks, while often unsophisticated, can draw significant attention to geopolitical and social causes, as stated by Conor McLaren, principal adversary hunter at Dragos.

The surge in DDoS attacks against the financial services industry was driven by multiple key factors. Advanced botnets, doubling in presence to account for 32% of web traffic being fraudulent, facilitated large-scale attacks that can exceed 71 million requests per second. The BFSI (Banking, Financial Services and Insurance) sector, with its high-value nature and widespread digital transformation, experienced twice as many DDoS attacks compared to other sectors.

Geopolitical conflicts, expanded threat surfaces, and AI-assisted attack tools have sharply escalated attack frequency and complexity, particularly in regions like APAC. AI technology lowered barriers for attackers by automating and enhancing tactics, enabling more persistent and sophisticated threats that bypass traditional defenses.

The implications of these attacks were severe. DDoS attacks caused costly downtime, with estimates reaching up to $22,000 per minute, severely impacting banking operations including clearing, payments, and treasury functions. High-profile attacks, such as on ICBC Financial Services, led to significant disruptions in payment systems, temporarily owing large unsettled amounts, and raising concerns over systemic financial stability.

More than half of security leaders cited service disruptions as a major challenge in managing evolving DDoS threats, requiring more dynamic and resilient defense strategies. The trend of rising DDoS attack volumes, including low-rate HTTP floods and DNS floods, continues, challenging detection and mitigation efforts.

Financial institutions remain prime targets due to their critical role, with threats evolving alongside digital banking adoption and fintech growth. Fraudulent bot traffic remains a significant portion of web interactions, complicating defenses.

U.S. authorities warned in July that threat groups were potentially targeting multiple sectors using DDoS capabilities. Hacktivist groups have been using DDoS attacks as a tool to disrupt institutions during times of rising geopolitical tensions, starting with the Russia-Ukraine war in February 2022 and the Israel-Hamas war in October.

In September, Akamai prevented a DDoS attack on a major U.S. financial institution. Historically, DDoS attacks against the financial services sector accounted for about 10-15% of all attacks, but this trend began to rise in 2021. One group reportedly targeted the Treasury Department's Electronic Federal Tax Payment System.

Successfully disrupting operations in the financial services sector, even for a moment, can lead to severe reputational risks and distrust in the global financial system, as stated by Teresa Walsh, chief intelligence officer and managing director, EMEA, at FS-ISAC. The financial services sector must continue to enhance its cybersecurity defenses and incident response capabilities to counteract these ongoing threats.

[1] "2023 DDoS Threat Intelligence Report" by Akamai [2] "2023 APAC Threat Intelligence Report" by Akamai [3] "2023 DDoS Trends and Threats Report" by Radware [4] "2023 FS-ISAC DDoS Threat Intelligence Report" by FS-ISAC [5] "2023 DDoS Threat Landscape Report" by Neustar

1. The financial services sector's increasing reliance on technology for business operations has exposed a vulnerability, making it a prime target for cybersecurity threats such as DDoS attacks, given the high-value nature of the sector and the severe reputational and financial consequences of successful attacks.
2. As cyberattacks on the financial services sector escalate, driven by factors like AI-assisted attack tools and expanded threat surfaces, financial institutions must implement more dynamic and resilient cybersecurity defenses to counter ongoing threats, as highlighted in the 2023 FS-ISAC DDoS Threat Intelligence Report.

Read also: