SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Firewalls
#
DDoS
#
Network Security

APAC financial sector faces 245% surge in DDoS attacks, report finds

Yesterday
Author image
By Melvin Hipolito, Editor

Financial institutions in the Asia-Pacific (APAC) region saw a 245% rise in volumetric Layer 3 and 4 distributed denial-of-service (DDoS) attacks last year, accounting for 38% of such incidents globally, according to a new joint report by FS-ISAC and Akamai.

The report, titled From Nuisance to Strategic Threat: DDoS Attacks Against the Financial Sector, outlines the growing scale and persistence of DDoS attacks targeting APAC's financial sector. In 2023, APAC only accounted for 11% of these incidents, highlighting the extent of the increase.

The analysis found that over 20 financial institutions across six countries were affected by sustained DDoS campaigns in the fourth quarter of 2024, creating downstream risk that could impact up to USD $8 trillion in value. These attacks were notable not for their size, but for their persistence and continuity, a trend not previously seen in APAC.

The wave of attacks impacted multiple sectors, including retail banking, payment processing, investment banking, and financial governmental institutions. The report attributes a significant growth in application-level (Layer 7) attacks to the increasing use of application programming interfaces (APIs) within financial services. This expansion of digital infrastructure has introduced new vulnerabilities and a broader attack surface for malicious actors.

FS-ISAC's Chief Intelligence Officer and Managing Director, EMEA, Teresa Walsh, commented on the changing character of DDoS threats:

"DDoS attacks are becoming increasingly sophisticated, evolving from simple network flooding to targeted, multi-dimensional assaults that exploit intricate vulnerabilities across the entire supply chain. As threat tactics continue to evolve — including those impacting APAC's increasingly digital financial systems — we must ensure our technical defenses evolve and our people, tools, and processes work seamlessly together. It is critical that we harden our infrastructure and foster a culture of continuous vigilance and collaboration to protect continuity and customer trust."

Reuben Koh, Director of Security Technology & Strategy, APJ at Akamai, highlighted the changing nature of DDoS campaigns in the region:

"DDoS attacks in APAC are no longer blunt-force attempts, but sophisticated multi-vector campaigns that exploit vulnerable systems and exposed APIs. As highly coveted target sectors like financial services, commerce, and manufacturing accelerate digital growth, these continuous attacks pose growing operational and reputational risks, and organizations must work with trusted cybersecurity partners who can provide the intelligence, scalability, and agility needed to defend themselves in today's threat landscape."

The joint report also connects the increase in attacks to broader developments, including ongoing geopolitical tensions such as the Israel-Hamas and Russia-Ukraine conflicts. These events have led to a noted rise in ideologically driven hacktivism and blurred the lines between DDoS-for-Hire groups, hacktivists, and state-sponsored actors. The proliferation of DDoS-for-Hire platforms has made these attack tools accessible to a wider range of threat actors.

Globally, the financial sector remained the most targeted industry segment for Layer 3 and 4 DDoS attacks, making up 37% of incidents. This marks the second consecutive year that financial services have led in reported attack numbers, followed by gaming at 20% and manufacturing at 17%. No other sector experienced a similar surge, according to the report's findings.

The publication discusses strategies for improving defences through the FS-ISAC and Akamai-developed DDoS Maturity Model. This framework provides a benchmark for readiness and recommends targeted investment in defence strategies for organisations managing financial infrastructure and sensitive data.

The DDoS Maturity Model highlights several key actions for financial institutions and related entities:

  • Adopt real-time behavioural analytics and traffic baselining
  • Implement threat intelligence-led automation for detection and mitigation
  • Strengthen DNS and API security with continuous testing and hardening
  • Use geo-IP filtering to reduce exposure from high-risk regions

The report also contains regional data, profiles of hacktivist groups, and an overview of mitigation strategies and best cyber hygiene practices. It notes the importance of mapping organisational capabilities and practices against different stages of maturity in DDoS defence, offering a structured approach to managing a rising strategic threat.

Akamai's collaboration with FS-ISAC on this research builds on the company's involvement in FS-ISAC's Critical Providers Program, which was launched to strengthen supply chain security within the financial sector.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
SMBs overestimate cyber readiness as tools & AI uptake lag
Over 80,000 Microsoft Entra ID accounts hit by major takeover campaign
Digital.ai launches Quick Protect Agent for rapid app defence
Swimlane secures USD $45m funding to drive AI automation growth
LevelBlue to acquire Aon’s cyber consulting teams in global deal
Top stories
Fake booking sites push malware as HP warns of click fatigue
Red Canary deploys AI agents to slash security investigation times
ReliaQuest details Black Basta’s legacy & rise of Teams phishing
Salesforce industry cloud flaws put sensitive data at global risk
CloudTech raises AUD $14 million to launch digital asset custody