In 2023, distributed denial-of-service (DDoS) attacks reached new heights of size and sophistication. The financial sector is the top target across most of the world.
Though DDoS attacks infrequently interrupt internal operations or extract data from mature financial services organizations, they can have an outsized impact on customer confidence. When a website is unavailable – even for seconds – customers can infer that the entire organization is compromised which damages the firm’s reputation.
Much of the upsurge in DDoS attacks beginning in 2022 is attributable to motivated hacktivists, intent on creating as much disruption as they can. Hacktivists use DDoS as a tool of geopolitical conflict and political instability, and will likely continue using that tool as long as it proves effective. Indeed, DDoS attacks increased in 2023 in concert with the outbreak of the Israel-Hamas war and political summits such as the COP 28, during which a noticeable spike in HTTP attacks targeting environmentalist websites was observed.
Along with hacktivists, nation-states, ransomware attackers, and criminal groups all rely on DDoS attacks as part of a layered attack pattern, including as a decoy to divert organizational resources while a threat actor conducts another type of attack. Large-scale DDoS attacks cost little to provision and launch using readily available DDoS-for-hire services and underground markets. It is recommended that financial services organizations optimize their cyber defenses to protect their operations and reputations, and remain compliant as regulations evolve.
Akamai is the founding participant of FS-ISAC’s Critical Providers Program, launched in 2022 to bolster the financial sector’s supply chain security.