Financial services sector remains top DDoS target, Akamai reports
A new report by Akamai Technologies, named "Navigating the Rising Tide: Attack Trends in Financial Services," has found that the financial services sector remains the most frequently targeted industry for Layer 3 and 4 distributed denial-of-service (DDoS) attacks for the second consecutive year.
The report disclosed that financial services account for 34% of these attacks, with gaming and high technology following at 18% and 15%, respectively.
The Asia-Pacific and Japan (APJ) region is facing significant cybersecurity challenges due to its varied economic landscape, making it a prime target. The region holds the highest median threat score for phishing, primarily due to suspicious domains and requests. The rapid digitalisation of banking services alongside a low awareness of phishing risks increases consumer vulnerability, despite fewer phishing domains in the APJ compared to other regions. The lag in adopting advanced cybersecurity measures, coupled with high digitalisation and extensive social media use, heightens the risk of brand abuse and phishing attacks.
"Financial institutions in APJ face a trifecta of challenges in today's landscape such as safeguarding assets and data, ensuring compliance, and staying ahead of innovation to educate customers on the latest phishing and scam tactics," said Reuben Koh, Director of Security Technology & Strategy, APJ, Akamai Technologies. He added, "Traditional security mechanisms often fall short in detecting sophisticated threats like ransomware and API abuse, underscoring the need for modern AI-powered security technologies to better protect the organisation, meet new regulatory standards, and protect customer trust."
Koh emphasised the importance of using scalable security solutions to protect assets and maintain customer loyalty. "With financial services continuing to be the most targeted industry in APJ for web application and API cyberattacks, technology decision-makers like Chief Information Security Officers must carefully decide where to automate, delegate, and outsource," Koh advised.
Additional key insights from the report include that financial services are the sector most affected by brand impersonation and abuse, accounting for 36% of all suspicious sites monitored by Akamai. Commerce is the second most targeted vertical at 26%. Phishing dominates counterfeit domains targeting financial services, making up 68% of instances, followed by brand impersonation at 24%.
The report also observed a sharp rise in Layer 7 DDoS attacks specifically targeting applications via APIs. Undocumented shadow APIs pose a major concern as they are often unprotected due to the information security teams being unaware of their existence. Attackers can exploit these APIs to steal data, bypass authentication controls, or perform disruptive activities, the report said.
Interestingly, the frequency of DDoS events does not always correlate with attack intensity. Data indicates that while some months have fewer attacks, there are significant traffic spikes, suggesting that both attack frequency and volume should be taken into account when assessing DDoS attacks.