Report Warns of Sophisticated DDoS Campaigns Crippling Global Banks

A new joint report released today by FS-ISAC, a non-profit organization focused on financial cybersecurity, and Akamai Technologies, a leading cybersecurity and cloud company, reveals a worrying trend: Distributed Denial-of-Service attacks (DDoS attacks) are increasingly targeting the global financial sector.

These attacks aim to overwhelm online services, disrupting customer access and business operations, ultimately eroding trust and impacting profits. The report, shared with Hackread.com, emphasises the growing sophistication and strategic nature of these cyber threats.

****Evolving Attack Strategies and Key Findings****

According to the report, the financial services sector was the primary target for large-scale DDoS attacks in 2024, which involved flooding a system with massive amounts of traffic, with a notable surge in October 2024. Attacks specifically targeting the application layer of financial services grew by 23% between 2023 and 2024.

The report also notes a rise in more precise attacks against financial firms’ Application Programming Interfaces (APIs) with a 58% rise observed between 2023-24 which allow different software to communicate, and their customer-facing websites.

These targeted assaults are harder to spot because they mimic normal user behaviour, indicating a higher level of skill among cybercriminals. In 2024, a single attack campaign targeting multiple banks resulted in service disruptions that lasted for several days, illustrating the severe impact these incidents can have.

Teresa Walsh, FS-ISAC’s Chief Intelligence Officer, commented on this shift, stating, “DDoS attacks are becoming increasingly sophisticated, evolving from simple network flooding to targeted, multi-dimensional assaults that exploit intricate vulnerabilities across the entire supply chain.”

The use of DDoS-for-Hire services, where attackers can pay others to launch attacks, is also common. Geopolitical events, such as the Hamas-Israel and Russia-Ukraine conflicts, have also fuelled an increase in hacktivism, where cyberattacks are carried out for political reasons.

On the other hand, the Asia Pacific region experienced a sharp rise in these large-scale attacks, accounting for 38% of all volumetric DDoS attacks in 2024, a significant jump from 11% in 2023.

****Building Stronger Defences****

To help financial institutions better prepare, FS-ISAC and Akamai have introduced a five-level DDoS Maturity Model. This model helps organizations evaluate their current strengths and weaknesses in defending against DDoS attacks, allowing them to identify areas for improvement, prioritize investments, and boost their ability to withstand these threats.

Steve Winterfeld, Advisory CISO at Akamai, emphasized the ongoing nature of the threat: “Threat actors will continue to leverage DDoS attacks to exploit the security of our institutions.” He highlighted that effective defences involve implementing mitigation strategies, maintaining strong cybersecurity practices, and adopting industry best practices.

It must be noted that this collaboration is part of Akamai’s involvement in FS-ISAC’s Critical Providers Program, launched in 2022 to enhance supply chain security within the financial sector.