SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Financial services face rising DDoS threats – Akamai

Wed, 18th Sep 2024

A recently published report by Akamai Technologies highlights the increasing frequency and sophistication of distributed denial-of-service (DDoS) attacks targeting the financial services industry.

Titled "Navigating the Rising Tide: Attack Trends in Financial Services," the report states that, for the second consecutive year, the sector is the one most frequently targeted by Layer 3 and Layer 4 DDoS events.

The data indicates that the financial services industry accounts for 34% of such DDoS attacks, followed by the gaming industry at 18%, and high technology at 15%. Layer 3 and Layer 4 DDoS attacks target the network and transport layers of the internet infrastructure, overwhelming servers and exhausting bandwidth.

A notable observation in Akamai's analysis points to a surge in DDoS attacks against financial services in the Middle East. This increase is attributed to geopolitical tensions in the region, including the ongoing conflict between Israel and Hamas. For example, on 15 July 2024, a major financial services company in Israel was subjected to a politically motivated DDoS attack. Originating from a globally distributed botnet, the attack peaked at 798 Gbps and lasted nearly 24 hours. Akamai managed to block approximately 419 terabytes of malicious traffic during this period.

Financial services also face significant threats from brand impersonation and phishing attacks due to the sensitive nature of the data they handle. Akamai's report reveals that brand impersonation attacks targeting financial services constitute 36% of all such incidents, significantly outpacing the second most affected sector, commerce, which experiences 26% of incidents. Phishing attacks, which seek to acquire sensitive information such as banking credentials, account for 68% of counterfeit domains targeting the financial sector. Brand impersonation follows at 24%.

"Cybercrime poses a significant threat to the financial services sector as it tries to cause widespread disruption and serious economic damage," stated Steve Winterfeld, Advisory Chief Information Security Officer at Akamai. "This report is designed specifically to help financial services cybersecurity professionals around the globe understand the increasingly complex threat landscape and best practices to protect customers."

The report also highlights that some well-known threat actors, such as REvil, BlackCat (ALPHV), Anonymous Sudan, KillNet, and NoName057, have been actively involved in cyber activities affecting financial institutions, particularly in connection with the Russia-Ukraine conflict. In addition, the incidence of Layer 7 DDoS attacks, which mainly target application programming interfaces (APIs), has seen a noticeable increase. These attacks are of particular concern due to the vulnerabilities associated with undocumented shadow APIs that are often unprotected because security teams are not aware of their existence.

Akamai's findings suggest that the financial impact of stolen credentials obtained through brand impersonation and phishing schemes can be substantial, with e-wallet and cryptocurrency account details fetching between US$120 and US$400 on the dark web.

The report also provides an in-depth analysis of traffic to phishing and impersonation sites in the EMEA region, finding that the financial services industry had the highest volume of traffic to such sites over the past year, accounting for 60% of all recorded instances.

"Navigating the Rising Tide: Attack Trends in Financial Services" features a guest column from the Global Head of Intelligence at the Financial Services Information Sharing and Analysis Center (FS-ISAC), a case study on credential stuffing attacks, and a security spotlight on DDoS attack intensity. It also includes regional data insights, segments on Zero Trust and microsegmentation, and strategies for defending against DDoS attacks, phishing, and brand abuse.
