SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Advanced Persistent Threat Protection
#
Cybersecurity
#
Email Security

Report finds financial services most targeted by DDoS attacks for 2 years

Yesterday
Author image
By Melania Watson, Interview Editor

A recent report by Akamai Technologies has revealed that the financial services sector remains the most frequently targeted industry for Layer 3 and 4 distributed denial-of-service (DDoS) attacks for the second consecutive year.

The report, 'Navigating the Rising Tide: Attack Trends in Financial Services,' provides an extensive analysis of cyber threats facing the financial sector.

According to the report, financial services account for 34% of DDoS attacks, followed by the gaming industry at 18% and the high technology sector at 15%.

The financial institutions are attractive targets due to the vast amounts of sensitive data and high-value transactions they manage. Layer 3 and Layer 4 DDoS attacks specifically target the network and transport layers, causing significant disruptions by overwhelming network infrastructure and exhausting server resources and bandwidth. Successful DDoS attacks can severely affect customer trust, lead to downtime, and result in regulatory penalties.

The report attributes the rise in DDoS events to ongoing geopolitical tensions, which have spurred a surge in hacktivist activities. Known threat actors, including REvil, BlackCat (ALPHV), Anonymous Sudan, KillNet, and NoName057, have been particularly active in these activities, often related to the Russia-Ukraine conflict and the Israel-Hamas conflict.

Other significant findings of the report include the financial services sector being the most affected by brand impersonation and abuse, accounting for 36% of such instances. Commerce follows as the second most targeted sector at 26%. Phishing is the predominant form of counterfeit domain activity targeting financial services, making up 68% of recorded instances, while brand impersonation accounts for 24%. The report also noted a sharp increase in Layer 7 DDoS attacks targeting applications via APIs, with a particular concern being the presence of undocumented "shadow APIs" that information security teams may have overlooked. These unsecured APIs can be exploited by attackers to exfiltrate data, bypass authentication controls, or perform disruptive acts.

Steve Winterfeld, Advisory CISO at Akamai, commented on the significance of these findings, stating, "Cybercrime poses a significant threat to the financial services sector as it causes widespread disruption and serious economic damage."

"This report is designed specifically to help financial services cybersecurity professionals around the globe understand the increasingly complex threat landscape and best practices to protect customers."

The report also highlighted the unique cybersecurity challenges faced in the Asia Pacific and Japan (APJ) region. APJ has received the highest median threat score for phishing attacks against financial institutions, largely due to the region's rapid digitalisation in banking and relatively low awareness of phishing dangers.

The financial services sector in APJ is more vulnerable compared to Europe and America, primarily due to high digitisation and active social media use, which opens more avenues for phishing and impersonation attacks.

Reuben Koh, Director of Security Technology and Strategy at Akamai for APJ, discussed the region's challenges.

"Financial institutions in APJ face a trifecta of challenges in today's landscape such as safeguarding assets and data, ensuring compliance, and staying ahead of innovation to educate customers on the latest phishing and scam tactics," he said.

"Traditional security mechanisms often fall short in detecting sophisticated threats like ransomware and API abuse, underscoring the need for modern AI-powered security technologies to better protect the organisation, meet new regulatory standards and protect customer trust."

Koh emphasised the importance of Chief Information Security Officers making informed decisions on automation, delegation, and outsourcing to ensure scalable security solutions.

The "Navigating the Rising Tide: Attack Trends in Financial Services" report includes a guest column from FS-ISAC, a case study on credential stuffing attacks, and sections on Zero Trust and microsegmentation. It also provides mitigation strategies for defending against DDoS attacks, offering valuable insights for cybersecurity professionals.

This year marks the 10th anniversary of Akamai's State of the Internet (SOTI) reports, which have been crucial in providing expert insights into cybersecurity and web performance landscapes based on data gathered from Akamai Connected Cloud.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
AI & quantum computing: progress & future challenges
Radware named major player in IDC MarketScape WAAP report
Report: 80% of critical infrastructure hit by email breaches
Collaboration gaps threaten security, Skybox Security report finds
NinjaOne offers free tools to MSPs amid market pressures
Top stories
Crowdstrike unveils major Falcon Platform updates to streamline IT departments
Tenable launches advanced solution for highly secure systems
Veeam names Niraj Tolia new CTO after acquiring Alcion
Sectigo launches pkimetal to streamline certificate linting
Selling ransomware breaches: Four trends spotted on the RAMP forum