There has been an increase in DDoS attacks targeting the financial services industry, a new report has found.
FS-ISAC and Akamai Technologies have together released new research on the threat that Distributed Denial-of-Service (DDoS) attacks pose to the financial services sector.
The report, titled, The Evolution of DDoS: Return of the Hacktivists, notes that 2022 saw a 22 percent uptick in the volume of DDoS attacks targeting financial firms. This is especially true across Europe, where the attacks increased by 73%, and where financial services were the target of 50% of all DDoS assaults.
The Evolution of DDoS: Return of the Hacktivist finds that much of the increase in DDoS attacks is driven by groups that have taken sides in the Russia-Ukraine war or other geopolitical conflicts. This includes organisations such as Killnet, which has targeted the United States and nations throughout Europe.
Taking a cue from ransomware attacks, many DDoS campaigns now include extortion tactics.
DDoS can serve as a cover for other, potentially more damaging cyber activities such as infiltration of systems and exfiltration of data and malware installation. This means that when cybersecurity teams encounter DDoS, they must also be on the alert for other types of attacks, putting extra strain on already limited resources.
The evolution of DDoS means that firms must update their risk profiles and mitigation measures accordingly. Far from a low-level annoyance, DDoS should increasingly be considered a key cyber defense challenge. The report discusses several mitigation strategies, including network best practices, cyber hygiene and resilience.
As more services are moved to the cloud or contracted in an aaS (as-a-Service) model, those services will depend on other supply chain components. Service disruptions anywhere in the supply chain can have a serious impact on an organisation's operation.
"The continued evolution of DDoS shows that it is far from a solved problem," says Teresa Walsh, Global Head of Intelligence at FS-ISAC.
"Working with our sectors critical providers like Akamai, who have first-hand knowledge of how DDoS is affecting the financial sector, enables us to arm our members with the understanding and guidance they need to better protect their firms and customers."
Steve Winterfeld, Advisory CISO at Akamai, says that while DDoS attacks have been around for some time, they are evolving in new, innovative and aggressive ways.
"We teamed up with FS-ISAC to produce The Evolution of DDoS: Return of the Hacktivists in an effort to better educate the financial community about the threats of DDoS and to offer some threat trends and best practices for the sector to better combat these attacks," he says.
The collaboration on this report is a product of Akamai's founding participation in FS-ISACs Critical Providers Program, launched in 2022 to bolster the financial sectors supply chain security.