Denial-of-service attacks rise, raising concerns for banks

The volume of DDoS attacks targeting financial firms increased 22% year-over-year as of November, according to a new report. — Image by on Freepik

Long considered a nuisance, distributed-denial-of-service attacks, or DDoS, are growing problem for banks and other financial businesses, according to a new report.

The volume of DDoS attacks targeting financial firms increased 22% year-over-year as of November, according to a new report first provided to Bloomberg News by the Financial Services Information Sharing and Analysis Center, which is known as FS-ISAC. The issue is particular pronounced in Europe, where financial services saw a 73% increase in DDoS attacks, according to the report.

DDoS attackers marshal an army of connected devices – known as a botnet – and direct Internet traffic at a website to disrupt it or shut it down. Such attacks have been around for decades, and cybersecurity companies sell products that can mitigate most incidents.

Still, DDoS has stubbornly persisted, as the attacks have gotten more powerful and easier for non-technical bad actors to execute, according to cybersecurity experts.

“I think it’s important to know that in general, when it comes to DDoS attacks, they’re here to stay,” said Teresa Walsh, FS-ISAC’s global head of intelligence.

Last year, DDoS attacks were used to further political aims, targeting those who have taken sides – even indirectly – in the war in Ukraine or other in geopolitical hotspots, including China and Taiwan, according to the report. A group called Killnet, aligned with Russian interests, has waged a campaign of DDoS attacks on websites of businesses, governments and airports in the last year.

Last week, for instance, Killnet claimed credit for a DDoS campaign in Germany that targeted airport websites, the financial sector and federal and state authorities. The attack, which took place in late January, was fended off, for the most part, and didn’t lead to serious consequences, the German Federal Office for Information Security said in a statement.

“DDoS is a favorite tool of hacktivist groups because unlike other forms of cyberattacks, you kind of know when it’s worked,” said Boaz Gelbord, chief of security at Akamai Technologies Inc, which worked with FS-ISAC to compile the report. “When services that are commonly used by the public are unavailable, that causes a big splash.”

Attackers are also using DDoS as a technique to extort companies or organisations. For instance, attackers demanded money in a string of attacks in 2020 that targeted the New Zealand Stock Exchange and more than 100 other companies.

In addition, DDoS attacks can now be purchased online by anyone with an internet connection and a dark web browser, according to the report. The DDoS-for-hire model is one currently deployed by some ransomware groups that, for a price, provide their malware to “affiliates” who then conduct the attacks.

The explosion of Internet-connected devices has also contributed to the rise because they provide a vast pool of poorly secured products that can be marshaled to serve as botnets and amplify attacks. Some attacks have become so powerful that they can overwhelm mitigation measures, according to the report.

The financial sector has experience with DDoS incidents. A wave of attacks against banks starting in 2011 disabled websites, prevented customers from accessing online accounts and cost the victims tens of million of dollars to remediate them, according to the US Department of Justice, which indicted seven Iranians in 2016 for the incidents. – Bloomberg

Article type: free
User access status:
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

ChatGPT chats are not confidential, so don't tell it your secrets
Amazon connecting up devices in US homes into one giant wi-fi network
Elon Musk seeks to end $258 billion Dogecoin lawsuit
Rage-tweeting: When angry consumers seek 'revenge' for bad service
Apple VR headset coming? WWDC developer conference set for June 5
Apple wins reversal of $502 million VirnetX patent infringement verdict
E3 cancels 2023 event, leaving Los Angeles without a major gaming convention
U.S. lawmakers introduce bipartisan bill to help news media negotiate with Big Tech
Activision threatened, spied on workers amid union drive, U.S. agency says
Twitter makes some of its source code public

Others Also Read