Surge In DDoS Attacks On Financial Services

Uploaded on 2024-10-11 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

The cloud company that powers much of the Interent, Akamai Technologies, has released a new report that shows financial services remains the most frequently targeted industry by Layers 3 and 4 distributed denial-of-service (DDoS) attacks for the second consecutive year.  

Navigating the Rising Tide: Attack Trends in Financial Services finds that financial services account for 34% of DDoS attacks. This is followed by gaming at 18% and high technology at 15%.

Layer 3 and Layer 4 DDoS attacks target network and transport layers, overwhelming network infrastructure and exhausting server resources and bandwidth. The Report reveals that the increased DDoS events stem from ongoing geopolitical tensions, which are behind a surge in hacktivist activities.

This includes one of the biggest cyber attacks Akamai has ever observed against a major financial services company in Israel.

Akamai's report details the involvement of well-known threat actors such as REvil, BlackCat, Anonymous Sudan, KillNet, and NoName057, all notable for their activities related to the Russia-Ukraine war.

Other Main Findings of the Report Include:

  • Financial services is the sector most impacted by brand impersonation and abuse (36%). This is far ahead of the second most targeted vertical, commerce (26%).
  • Phishing dominates the counterfeit domains that are targeting financial services, accounting for 68% of all recorded instances. Brand impersonation follows in second place, representing 24% of all recorded domains.
  • Akamai observed sharp increases in the number of Layer 7 DDoS attacks that specifically target APIs. Of particular concern are undocumented shadow APIs, which are often unprotected because information security teams are unaware of their existence. Attackers can exploit these APIs to exfiltrate data, bypass authentication controls, or perform disruptive acts.
  • DDoS event frequency doesn't always correlate with attack intensity. Although some months show few attacks, the corresponding data indicates significant traffic spikes, emphasising the need to consider both attack frequency and volume when assessing DDoS attacks.

In comment, Steve Winterfeld, Advisory CISO at Akamai said “Cyber crime poses a significant threat to the financial services sector as it tries to cause widespread disruption and serious economic damage... This report is designed specifically to help financial services cybersecurity professionals around the globe understand the increasingly complex threat landscape and best practices to protect customers.”

The report  also features a case study on credential stuffing attacks; a security spotlight on DDoS attack intensity; regional data; sections on Zero Trust and microsegmentation; and mitigation strategies for defending against DDoS attacks, phishing, brand abuse, and ransomware.

Akamai     |     PR Newswire

Image: 

You Might Also Read: 

DDoS Attack Knocks Azure Offline:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Improving Cyber Security With AI
Advances In Recognising Deepfakes »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

City Security Magazine

City Security Magazine

City Security magazine helps promote best security practices and keep businesses informed on a wide variety of security-related issues.

SQA Service

SQA Service

SQA Service provide independent software and process Quality Assurance services.

Bastille

Bastille

Bastille’s patented software and security sensors bring visibility to devices emitting radio signals (Wi-Fi, cellular, IoT) in your organization.

The Security Awareness Company (SAC)

The Security Awareness Company (SAC)

The Security Awareness Company provides cyber security awareness training programs for companies of all sizes.

GreyCampus

GreyCampus

GreyCampus is a leading provider of training for working professionals in the areas of Project Management, Big Data, Data Science, Service Management, Quality Management and Information Security.

TCDI

TCDI

TCDI specializes in computer forensics, eDiscovery and cybersecurity services.

BigWeb Technologies

BigWeb Technologies

BigWeb Technologies is dedicated to provide its clients with ICT related services including Infrastructure Solutions, Consultancy and Security.

Valire Software

Valire Software

Valire provide a solution for the automated detection of internal fraud.

CS3STHLM

CS3STHLM

CS3STHLM is the Stockholm international summit on Cyber Security in SCADA and Industrial Control Systems.

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF) of Armenia is one of the largest technology business incubators and IT development agencies in the region.

Mailinblack

Mailinblack

Mailinblack protects your organisation against email threats with an innovative solution that meets your security requirements.

SafePaas

SafePaas

SafePaas is a leading Enterprise Risk Management Platform. One source of truth for all your Audit, Risk, and Compliance requirements. Complete governance across your systems.

PCI Security Standards Council (PCI SSC)

PCI Security Standards Council (PCI SSC)

The PCI Security Standards Council is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments.

Secfix

Secfix

Secfix helps companies get secure and compliant in weeks instead of months. We are on a mission to automate security and compliance for small and medium-sized businesses.

AddSecure

AddSecure

AddSecure is a leading European provider of secure IoT connectivity and end-to-end solutions.

STACK Cybersecurity

STACK Cybersecurity

STACK Cybersecurity serves as a strategic partner, guiding you through the intricate and dynamic cybersecurity landscape.