A recent joint report from FS-ISAC, a non-profit organization dedicated to enhancing financial cybersecurity, and Akamai Technologies, a leading cybersecurity and cloud services provider, has identified a significant trend: Distributed Denial-of-Service (DDoS) attacks are increasingly targeting the global financial sector. These cyber assaults aim to inundate online services, disrupting access for customers and impeding business operations. The resulting effects not only erode consumer trust but can also adversely impact the profitability of financial institutions. The report, shared with Hackread.com, underscores the burgeoning sophistication and strategic character of these threats.
In particular, the report indicates that the financial services sector was the primary target for large-scale DDoS attacks in 2024, with a notable increase in incidents observed in October. Attacks that specifically targeted the application layer of these services rose by 23% compared to the preceding year. Furthermore, there was a staggering 58% increase in targeted attacks aimed at financial firms’ Application Programming Interfaces (APIs), the gateways that enable software to interact, as well as their customer-facing websites.
These precision attacks are increasingly challenging to detect, as they often mirror legitimate user behavior, suggesting a heightened level of expertise among cybercriminals. A particularly alarming incident in 2024 involved a coordinated attack against multiple banking institutions, leading to service disruptions lasting several days and highlighting the severe ramifications such incidents can pose.
Teresa Walsh, Chief Intelligence Officer at FS-ISAC, remarked on this evolution in tactics, noting, “DDoS attacks are becoming increasingly sophisticated, evolving from simple network flooding to targeted, multi-dimensional offenses that exploit complex vulnerabilities throughout the supply chain.” The proliferation of DDoS-for-Hire services, wherein attackers can commission others to execute attacks, exacerbates this problem. Additionally, recent geopolitical tensions, including the Hamas-Israel and Russia-Ukraine conflicts, have intensified activities related to hacktivism, as cyberattacks are increasingly carried out for political motives.
Regionally, the Asia Pacific area saw a dramatic increase in such large-scale attacks, accounting for 38% of all volumetric DDoS incidents in 2024, a sharp rise from just 11% the previous year. This trend raises critical concerns about the security landscape in this rapidly evolving sector.
In light of these growing threats, FS-ISAC and Akamai have introduced a five-level DDoS Maturity Model designed to assist financial institutions in assessing their current defenses against DDoS attacks. This model facilitates organizations in identifying vulnerabilities and prioritizing improvements, thereby enhancing their resilience to these cyber threats.
Steve Winterfeld, Advisory CISO at Akamai, emphasized the persistent nature of these threats, stating, “Threat actors will continue to leverage DDoS attacks to exploit the security of our institutions.” He advocates for comprehensive defense mechanisms that encompass effective mitigation strategies and strong cybersecurity practices while aligning with industry best practices.
This collaborative effort aligns with Akamai’s participation in FS-ISAC’s Critical Providers Program, initiated in 2022, to bolster supply chain security within the financial sector. As cyber threats continue to evolve, the adoption of robust defense mechanisms and proactive strategies becomes paramount in safeguarding financial infrastructure.
