A new joint report by FS-ISAC and Akamai, titled From Nuisance to Strategic Threat: DDoS Attacks Against the Financial Sector, highlights a sharp escalation in both the frequency and sophistication of distributed denial-of-service (DDoS) attacks targeting the global financial sector. The findings underscore a strategic shift in cybercriminal tactics, with significant consequences for financial institutions, their customers, and the broader economy.
Key Findings
• Financial Sector as Primary Target: In 2024, the financial services industry was the top target for volumetric DDoS attacks globally, surpassing all other sectors for the second consecutive year.
• Rising Sophistication: Attackers have moved beyond simple network flooding. They now deploy precision-targeted, multi-dimensional campaigns that exploit vulnerabilities in APIs and customer-facing websites, often mimicking legitimate user behavior to evade detection.
• Severe Operational Impact: Some attacks in 2024 led to multi-day outages affecting multiple banks, disrupting customer access, business operations, and eroding trust in the financial system.
• Application Layer Attacks Surge: Attacks targeting the application layer (Layer 7) of financial firms’ technology stacks increased by 23% between 2023 and 2024, with API-targeted attacks rising by 58% in the same period.
• Regional Trends: The Asia-Pacific (APAC) region saw a dramatic increase, accounting for 38% of all volumetric DDoS attacks in 2024, up from just 11% the previous year. Over 20 institutions in six APAC countries were targeted in a single campaign, likely by the same threat actor.
• DDoS-for-Hire and Hacktivism: The proliferation of DDoS-for-Hire services has made such attacks more accessible, while geopolitical conflicts (notably the Israel-Hamas and Russia-Ukraine wars) have fueled ideologically driven hacktivist campaigns.
Attackers now leverage real-time behavioral analytics, automation, and exploit high-bandwidth resources, making their campaigns more adaptable and cost-effective. The blurred lines between criminal groups, hacktivists, and state-sponsored actors complicate attribution and response.
Defensive Strategies and Recommendations
To address these evolving threats, FS-ISAC and Akamai introduced a five-level DDoS Maturity Model.
- Adopt real-time behavioral analytics and traffic baselining to distinguish legitimate traffic from malicious activity.
- Implement threat intelligence-led automation for rapid detection and mitigation of attacks.
- Strengthen DNS and API security through continuous testing and hardening.
- Deploy geo-IP filtering to limit exposure from high-risk regions.
- Integrate robust cyber hygiene practices and industry best practices across the organization.
