Financial services businesses are among the most DDoS-threatened industries in the Asia Pacific region, according to a new report by global financial service cyber-intelligence sharing group FS-ISAC.
The report, DDoS: Here to Stay, which cites data from the FS-ISAC’s industry partner Akamai, revealed that more than one in 10 of all distributed denial of service (DDoS) attacks in APAC last year targeted financial services businesses – the region’s third-most attacked sector after commerce and gaming.
Of those aimed at FSIs, APAC banks were the target of 91 per cent of DDoS attacks. This compares to 63 per cent of banks globally.
However, financial services businesses in Europe, the Middle East and Africa appeared to have fared much worse, with the sector accounting for 66 per cent of all DDoS attacks in the region; in the AMER region (encompassing the entirety of the Americas) 28 per cent bore DDoS attacks.
The financial services industry as a whole experienced a 154 per cent increase in DDoS attacks between 2022 and 2023.
Overall, FSIs accounted for most DDoS attacks globally, totalling 1,986 incidents, representing 35.4 per cent of attacks across all verticals.
More than one-third (35 per cent) of all DDoS attacks in 2023 worldwide were aimed at the wider financial services industry, which has surpassed the gaming sector as the most-attacked vertical worldwide.
The report authors attributed the recent DDoS surge (and notably the concentration of attacks in EMEA) to the Russia-Ukraine War, with DDoS becoming the favoured cyber tool of non-conventional political actors, hacktivists, and cyber warfare actors.
The war has driven an escalation in hyper-volumetric DDoS attacks, powered by an army of ready-to-serve botnets that, according to the FS-ISAC, have exponentially increased in power over recent years.
“Since early 2023, hyper-volumetric DDoS attacks were more often associated with compromised virtual private servers (VPS) than with Internet of Things (IoT) devices,” the FS-ISAC wrote in its report.
“The new botnets use fewer devices, but each device is substantially stronger. For example, the VPS used by customers of cloud computing companies to create performance applications are 5,000 times stronger than IoT-based botnets.”
Citing Akamai statistics, the FS-ISAC identified DNS flood (55 per cent) as the most frequent DDoS attack vector in 2023. This was followed by SYN flood, DNS reflection, and NTP reflection.
“FS-ISAC sees a variety of techniques, including the use of DNS reflection, GET flood, SYN flood, and Layer 3, Layer 4, and application Layer 7 attacks.”
Further, observers noted an increase in horizontal attacks in 2023. Horizontal attacks are simultaneous DDoS attacks aimed at multiple, unrelated targets rather than a single high-value victim.
In February 2023, Akamai said it prevented the largest DDoS attack ever launched against one of its APAC-based customers, with attack traffic peaking at 900.1 Gbps and 158.2 Mpps.
“The attack was intense and short-lived, with most attack traffic bursting during the peak minute of the attack,” the report read.
The FS-ISAC cautioned businesses on the persistent DDoS threat, noting such attacks can “disrupt business operations, leading to a loss of credibility, customer trust, and financial damage”.
“Moreover, DDoS attacks may serve as a smoke screen for other malicious activities, such as data theft or cyber espionage.”
Teresa Walsh, FS-ISAC chief intelligence officer and managing director, EMEA, noted that “while DDoS is an age-old problem, there is a renewed focus driven by heightened geopolitical tensions as nation-states and hacktivists seek to disrupt operations and break trust in the global financial system.”
“These DDoS campaigns are becoming more persistent and increasingly multi-vector as they target all areas of the financial sector, including wealth management, banking, credit cards, digital payments, and insurance.”
Steve Winterfeld, advisory CISO at Akamai, warned that such attacks “cost little to launch and can do serious damage to a company’s brand”.
