Surge In DDoS Attacks On Financial Services

Uploaded on 2024-10-11 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

The cloud company that powers much of the Interent, Akamai Technologies, has released a new report that shows financial services remains the most frequently targeted industry by Layers 3 and 4 distributed denial-of-service (DDoS) attacks for the second consecutive year.  

Navigating the Rising Tide: Attack Trends in Financial Services finds that financial services account for 34% of DDoS attacks. This is followed by gaming at 18% and high technology at 15%.

Layer 3 and Layer 4 DDoS attacks target network and transport layers, overwhelming network infrastructure and exhausting server resources and bandwidth. The Report reveals that the increased DDoS events stem from ongoing geopolitical tensions, which are behind a surge in hacktivist activities.

This includes one of the biggest cyber attacks Akamai has ever observed against a major financial services company in Israel.

Akamai's report details the involvement of well-known threat actors such as REvil, BlackCat, Anonymous Sudan, KillNet, and NoName057, all notable for their activities related to the Russia-Ukraine war.

Other Main Findings of the Report Include:

  • Financial services is the sector most impacted by brand impersonation and abuse (36%). This is far ahead of the second most targeted vertical, commerce (26%).
  • Phishing dominates the counterfeit domains that are targeting financial services, accounting for 68% of all recorded instances. Brand impersonation follows in second place, representing 24% of all recorded domains.
  • Akamai observed sharp increases in the number of Layer 7 DDoS attacks that specifically target APIs. Of particular concern are undocumented shadow APIs, which are often unprotected because information security teams are unaware of their existence. Attackers can exploit these APIs to exfiltrate data, bypass authentication controls, or perform disruptive acts.
  • DDoS event frequency doesn't always correlate with attack intensity. Although some months show few attacks, the corresponding data indicates significant traffic spikes, emphasising the need to consider both attack frequency and volume when assessing DDoS attacks.

In comment, Steve Winterfeld, Advisory CISO at Akamai said “Cyber crime poses a significant threat to the financial services sector as it tries to cause widespread disruption and serious economic damage... This report is designed specifically to help financial services cybersecurity professionals around the globe understand the increasingly complex threat landscape and best practices to protect customers.”

The report  also features a case study on credential stuffing attacks; a security spotlight on DDoS attack intensity; regional data; sections on Zero Trust and microsegmentation; and mitigation strategies for defending against DDoS attacks, phishing, brand abuse, and ransomware.

Akamai     |     PR Newswire

Image: 

You Might Also Read: 

DDoS Attack Knocks Azure Offline:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Improving Cyber Security With AI
Advances In Recognising Deepfakes »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Asigra

Asigra

Asigra provides an industry leading cloud backup and recovery software platform called Asigra Cloud Backup.

CloudPassage

CloudPassage

CloudPassage, a cloud security and compliance pioneer, safeguards cloud infrastructure for the world’s best-recognized brands.

Garrison Technology

Garrison Technology

Garrison SAVI® is a unique technology for secure remote browsing that can dramatically change the risk profile for enterprise cyber security.

Spire Solutions

Spire Solutions

Spire Solutions is the Middle East & Africa region’s leading cybersecurity solution provider and value-added distributor (VAD).

iQuila

iQuila

iQuila is a virtual overlay network which runs on top of an existing network. It creates a secure software enabled layer 2 connection across the internet or any public or private cloud.

Pluribus One

Pluribus One

Pluribus One develops customized solutions and other data-driven applications to secure your business and your devices.

DivvyCloud

DivvyCloud

DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges.

Alpine Cyber Solutions

Alpine Cyber Solutions

Alpine Cyber is a Managed IT Service Provider focused on cybersecurity and cloud services.

Expel

Expel

Expel provide transparent managed security services, 24x7 detection, response and resilience.

Blackpoint Cyber

Blackpoint Cyber

Blackpoint’s mission is to provide effective, affordable real-time threat detection and response to organizations of all sizes around the world.

SAP National Security Services (NS2)

SAP National Security Services (NS2)

SAP NS2 are dedicated to delivering the best of SAP innovation, from cloud to predictive analytics; machine learning to data fusion.

MyCISO

MyCISO

MyCISO is the World’s first SaaS application that will vastly simplify security management for all.

Cyera

Cyera

Cyera is the data security company that gives businesses context and control over their most valuable asset: data.

Blockfence

Blockfence

Blockfence are a seasoned crew versed in enterprise-grade cybersecurity and crypto, on a mission to collaboratively shape the future of Web3 security.

Sev1Tech

Sev1Tech

Sev1Tech is a leading provider of IT modernization, cloud, cybersecurity, engineering, fielding, training, and program support services.

Graphiant

Graphiant

Graphiant’s Data Assurance service gives businesses end-to-end control and visibility into how data travels throughout the entire business network.