SINGAPORE: Asia Pacific’s financial sector has been the top target for volumetric Distributed Denial-of-Service (DDoS) attacks, which overwhelm servers or networks with sheer traffic to slow or make them fail, accounting for 38% of all volumetric DDoS attacks in 2024, up from just 11% the year before, according to a joint report by FS-ISAC and Akamai Technologies.
The report, From Nuisance to Strategic Threat: DDoS Attacks Against the Financial Sector, also found that more than 20 financial institutions in six countries in the region were hit in 2024, likely by the same threat actor or hacker group.
Notably, the financial sector is being hit harder than other sectors. DDoS attacks on financial firms spiked in October 2024, and the sector has remained the leading target for volumetric DDoS attacks year-over-year.
The report also noted the increasing frequency of attacks, as cybercriminals exploit higher bandwidths and stronger computing power to launch adaptable, more powerful, and cheaper DDoS attacks.
In addition, the rise of “DDoS-for-Hire services” targeting the financial sector has made it difficult to identify cybercriminals. Attacks on financial firms’ application layer, including Application Programming Interfaces (APIs) and customer-facing websites, rose 23% between 2023 and 2024.
Meanwhile, ongoing geopolitical tensions have fueled a surge in “hacktivism”.
Teresa Walsh, chief intelligence officer and managing director for EMEA at FS-ISAC, said, “DDoS attacks are becoming increasingly sophisticated, evolving from simple network flooding to targeted, multi-dimensional assaults that exploit intricate vulnerabilities across the entire supply chain.”
Steve Winterfeld, Advisory CISO of Akamai, said, “Threat actors will continue to leverage DDoS attacks to exploit the security of our institutions,” explaining that the attacks are meant to exhaust an institution’s network infrastructure and, in turn, drain its resources used to defend against attackers.
Mr Winterfeld added, “Implementation of mitigation strategies, robust cyber hygiene fundamentals, and industry best practices can help the sector defend against the evolving risk.” /TISG
Featured image by Depositphotos (for illustration purposes only)