Beware the Rising Tide: Financial Services Is Awash in Attacks

Geopolitical tensions and the resulting hacktivist activities have played a major role in the DDoS surge. For example, there is a concentration of attacks aimed at European banks with links to Ukraine, presumably launched by pro-Russian threat actors.

There has also been a recent outbreak of DDoS hacktivism among financial institutions in the Middle East, as well as an increase in Layer 7 DDoS attacks. Another factor driving the increase is the technological advancements that dramatically increase the capabilities of DDoS attackers, including virtual machine (VM) botnets.

In addition, the attack surface is expanding due to the increasing use of digital services and APIs, which present more potential vulnerabilities for attackers to exploit. A key concern is undocumented shadow APIs that often lack proper protection. Financial service institutions are also deploying APIs to meet evolving compliance and regulatory requirements, which further complicates the task of protecting these potential entry points.

Our research into DDoS attacks in financial services reveals a critical insight: Event frequency doesn't always correlate with attack intensity. Although some months show few attacks, the corresponding Gbps data indicates significant traffic spikes, emphasizing the need to consider both attack frequency and volume when assessing DDoS attacks.

Brand abuse can lead to a variety of criminal acts, including identity theft and account abuse. Organizations can suffer substantial financial losses due to reputational damages, compliance and legal issues, and even lost sales due to counterfeit products. The alarming number of fraudulent websites that mimic legitimate financial institutions and the rapid pace at which attackers create new domains after their original sites are taken offline are especially concerning.

The SOTI report includes a guest column by Teresa Walsh, Global Head of Intelligence for the Financial Services Information Sharing and Analysis Center (FS-ISAC), that highlights the need for enhanced compliance and operational resilience in the face of today’s threats. New regulations, such as the Digital Operational Resilience Act (DORA), and updated SEC guidelines amplify the need for a holistic approach to cybersecurity in financial services. This involves identifying and prioritizing material risks, incorporating the outcome into the organization’s risk management frameworks, and ensuring robust incident response plans are in place.

Walsh notes that a proactive stance is vital to ensure operational resilience and maintain customer trust in an increasingly volatile threat landscape.

A multifaceted approach is essential to protect your financial institution from growing cyberthreats. The SOTI report reviews some practical tips for reducing the risks posed by phishing and brand impersonation, DDoS attacks, and ransomware.

The report also highlights the importance of implementing a Zero Trust framework to maintain a resilient security posture. This approach operates on the principle that any connection request, user, or device is a potential threat. By eliminating implicit trust and enforcing continuous verification, access to resources is denied by default unless authenticated and authorized. Additionally, Zero Trust prevents lateral movement within the infrastructure through segmentation and microsegmentation, reducing the potential “blast radius” of an attack to protect sensitive data.

The drive to digitize customer interactions will only increase in the financial services industry — and so will the cyberthreats that seek to exploit these interactions. Implementing effective mitigation strategies is crucial not only for protecting your institution and its customers but also for ensuring regulatory compliance. Fully understanding the nature and scope of the threat is an essential step in navigating the rising tide of cyberthreats.