Surge In DDoS Attacks On Financial Services

The cloud company that powers much of the Interent, Akamai Technologies, has released a new report that shows financial services remains the most frequently targeted industry by Layers 3 and 4 distributed denial-of-service (DDoS) attacks for the second consecutive year.  

Navigating the Rising Tide: Attack Trends in Financial Services finds that financial services account for 34% of DDoS attacks. This is followed by gaming at 18% and high technology at 15%.

Layer 3 and Layer 4 DDoS attacks target network and transport layers, overwhelming network infrastructure and exhausting server resources and bandwidth. The Report reveals that the increased DDoS events stem from ongoing geopolitical tensions, which are behind a surge in hacktivist activities.

This includes one of the biggest cyber attacks Akamai has ever observed against a major financial services company in Israel.

Akamai's report details the involvement of well-known threat actors such as REvil, BlackCat, Anonymous Sudan, KillNet, and NoName057, all notable for their activities related to the Russia-Ukraine war.

Other Main Findings of the Report Include:

  • Financial services is the sector most impacted by brand impersonation and abuse (36%). This is far ahead of the second most targeted vertical, commerce (26%).
  • Phishing dominates the counterfeit domains that are targeting financial services, accounting for 68% of all recorded instances. Brand impersonation follows in second place, representing 24% of all recorded domains.
  • Akamai observed sharp increases in the number of Layer 7 DDoS attacks that specifically target APIs. Of particular concern are undocumented shadow APIs, which are often unprotected because information security teams are unaware of their existence. Attackers can exploit these APIs to exfiltrate data, bypass authentication controls, or perform disruptive acts.
  • DDoS event frequency doesn't always correlate with attack intensity. Although some months show few attacks, the corresponding data indicates significant traffic spikes, emphasising the need to consider both attack frequency and volume when assessing DDoS attacks.

In comment, Steve Winterfeld, Advisory CISO at Akamai said “Cyber crime poses a significant threat to the financial services sector as it tries to cause widespread disruption and serious economic damage... This report is designed specifically to help financial services cybersecurity professionals around the globe understand the increasingly complex threat landscape and best practices to protect customers.”

The report  also features a case study on credential stuffing attacks; a security spotlight on DDoS attack intensity; regional data; sections on Zero Trust and microsegmentation; and mitigation strategies for defending against DDoS attacks, phishing, brand abuse, and ransomware.

Akamai     |     PR Newswire

Image: 

You Might Also Read: 

DDoS Attack Knocks Azure Offline:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Improving Cyber Security With AI
Advances In Recognising Deepfakes »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Business Intelligence Associates (BIA)

Business Intelligence Associates (BIA)

BIA's TotalDiscovery is a defensible and cost-effective corporate preservation and legal compliance software solution.

Inspired eLearning

Inspired eLearning

Inspired eLearning deliver solutions that help clients nurture and enhance workforce skills, protect themselves against cyberattacks and regulatory violations.

Fidus Information Security

Fidus Information Security

Fidus is a team of security professionals providing Penetration Testing and Cyber Security Consulting services throughout the UK and worldwide.

Cyphercor

Cyphercor

Cyphercor is a leading smartphone and desktop-based two-factor authentication (2FA) provider.

Intelligent Business Solutions Cyprus (IBSCY)

Intelligent Business Solutions Cyprus (IBSCY)

IBSCY Ltd is a leading provider of total IT solutions and services in Cyprus specializing in the areas of cloud services and applications, systems integration, IT infrastructure and security.

iFluids Engineering

iFluids Engineering

iFluids Engineering is a leading engineering consulting and risk management firm providing a full range of services including Cyber Security for Industrial Control Systems.

Sky Data Vault

Sky Data Vault

Sky Data Vault provide the simplest and most cost effective method of Disaster Recovery / Business Continuity for mission critical systems and applications.

InFyra

InFyra

InFyra is an IoT & Telecoms specialist consultancy, with extensive global and local experience in business and technology strategy, networks and solutions development.

Knowledge Transfer Network (KTN)

Knowledge Transfer Network (KTN)

KTN links new ideas and opportunities with expertise, markets and finance through our network of businesses, universities, funders and investors.

Semmle

Semmle

Semmle's code analysis platform helps teams find zero-days and automate variant analysis. Secure your code with continuous security analysis and automated code review.

Artifice Security

Artifice Security

Artifice Security will demonstrate real-world attacks on your network, web applications, infrastructure, and personnel to expose your hidden security risks.

DataSolutions

DataSolutions

DataSolutions is a leading value-added distributor of transformational IT solutions in the UK and Ireland.

ActiveFence

ActiveFence

ActiveFence enables Trust & Safety teams to be proactive about online integrity so they can keep their users safe from online harm – across content formats, languages, and abuse areas.

Chestnut Hill Technologies (CHT)

Chestnut Hill Technologies (CHT)

CHT provide Best Practices IT Cybersecurity and Technology Solutions and Consulting Support to the Mid Cap through Fortune 1000 Nationwide.

ACDS (Advanced Cyber Defence Systems)

ACDS (Advanced Cyber Defence Systems)

ACDS was founded in the belief that cyber security can be done better. We’re combining emerging technologies and proven methods to bring a new approach to tackling the growing threat landscape.

Cysmo Cyber Risk

Cysmo Cyber Risk

Cysmo is an innovative cyber risk assessment platform specifically designed for the needs of the German insurance industry.