Geopolitical tensions driving surge in DDoS attacks on financial institutions, Akamai finds
Akamai Technologies, Inc., the cloud company that powers and protects life online, today released a new State of the Internet (SOTI) report that shows financial services remains the most frequently targeted industry by Layers 3 and 4 distributed denial-of-service (DDoS) attacks for the second consecutive year. Navigating the Rising Tide: Attack Trends in Financial Services finds that financial services account for 34% of DDoS attacks. This is followed by gaming at 18% and high technology at 15%.
Layer 3 and Layer 4 DDoS attacks target network and transport layers, overwhelming network infrastructure and exhausting server resources and bandwidth. The report reveals that the increased DDoS events stem from ongoing geopolitical tensions, which have fueled a surge in hacktivist activities. This includes one of the largest cyberattacks Akamai has ever observed against a major financial services company in Israel.
Navigating the Rising Tide: Attack Trends in Financial Services also details the involvement of well-known threat actors such as REvil, BlackCat (ALPHV), Anonymous Sudan, KillNet, and NoName057—all notable for their activities related to the Russia-Ukraine war.
Other main findings of the report include:
- Financial services is the sector most impacted by brand impersonation and abuse (36%). This is far ahead of the second most targeted vertical—commerce (26%).
- Phishing dominates the counterfeit domains that are targeting financial services, accounting for 68% of all recorded instances. Brand impersonation follows in second place, representing 24% of all recorded domains.
- Akamai observed sharp increases in the number of Layer 7 DDoS attacks that specifically target APIs. Of particular concern are undocumented shadow APIs, which are often unprotected because information security teams are unaware of their existence. Attackers can exploit these APIs to exfiltrate data, bypass authentication controls, or perform disruptive acts.
- DDoS event frequency doesn't always correlate with attack intensity. Although some months show few attacks, the corresponding data indicates significant traffic spikes, emphasizing the need to consider both attack frequency and volume when assessing DDoS attacks.
"Cybercrime poses a significant threat to the financial services sector as it tries to cause widespread disruption and serious economic damage," said Steve Winterfeld, Advisory CISO at Akamai. "This report is designed specifically to help financial services cybersecurity professionals around the globe understand the increasingly complex threat landscape and best practices to protect customers."
Navigating the Rising Tide: Attack Trends in Financial Services also features a guest column from the Global Head of Intelligence at FS-ISAC; a case study on credential stuffing attacks; a security spotlight on DDoS attack intensity; regional data; sections on Zero Trust and microsegmentation; and mitigation strategies for defending against DDoS attacks, phishing, brand abuse, and ransomware.
This year marks the 10th anniversary of Akamai's SOTI reports. The SOTI series provides expert insights on the cybersecurity and web performance landscapes, based on data gathered.