Hacktivists Return with DDoS Attacks, and Their Eyes on European Banks
The latest joint report published by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and Akamai shows that distributed denial-of-service (DDoS) attacks are on the rise again. These attacks are often much more than annoyances. They are designed to take advantage of capacity limitations by sending multiple requests to a website, with the aim of exceeding the website’s capacity to handle the requests, preventing it from functioning correctly, and ultimately bringing it down.
DDoS attacks pose a substantial danger to financial institutions by interrupting business operations, which can result in significant financial losses, and to banks by disabling their websites and preventing customers from accessing accounts. DDoS attacks are often used as a smokescreen for other malicious activities such as malware, data exfiltration, and ransomware.
Remember the extortion ring DD4BC (DDoS for Bitcoin)? In 2014 and 2015, the group targeted currency exchanges and financial institutions, using the threat of DDoS attacks to secure Bitcoin payments for protection against future attacks.
DDoS is here to stay, and European banks remain a key target
Financial institutions remain a unique and favored target of cybercriminals. The vast amounts of personal and sensitive customer data that they are entrusted with maintaining motivate attackers to continually look for sophisticated tools and tactics that will allow access to that data, which hackers can reliably and quickly sell on the dark web.
Cyberattacks cost an average of 50% more for financial institutions than for all other industries combined. This trend creates a growing threat to the global financial system, and the response must be global and cooperative if we are to protect this critical infrastructure.
Why is DDoS still wreaking havoc on financial institutions?
Threat actors are opportunistic and will capitalize on political, social, economic, health, or cultural events that open a door for their nefarious activity. We saw this when a record-breaking attack against a large European bank was launched during the COVID-19 pandemic.
Last summer, Akamai detected and mitigated the largest DDoS attack ever launched against a European customer on the Prolexic platform. And it’s not slowing down: The volume of DDoS attacks targeting financial firms in Europe has increased by 73% since last year. These attacks often serve as a decoy, masking other more serious types of attacks, which makes them highly disruptive and expensive. That expense comes not just from financial losses, but from customer inconvenience, increased demand on customer service call centers, risk management costs, and even marketing costs to restore trust and brand reputation.
Stay up-to-date with the latest threat intelligence
DDoS preparedness must be based around an always-on mentality. Financial institutions should perform an evaluation of business-critical applications and their respective attack surfaces, and periodically reevaluate risk appetite and acceptance decisions, based on the evolving threatscape as well as market and regulatory changes, like the European Union’s Digital Operational Resilience Act (DORA).
And although cyber insurance can be an integral component of an overall strategy, those policies typically deal with the aftermath of a cyberattack. It should therefore be clear that cyber insurance is not a mitigation strategy.
5 steps to protection: Build a strong response
Follow these five steps to keep your organization protected.
1. Join FS-ISAC for access to critical intelligence to stay ahead of threats
2. Deploy DDoS security controls in an always-on mitigation posture as a first layer of defense
3. Update playbooks for speed of attacks and volume of threat attempts
4. Understand your attack surfaces and risk exposures to help you devise mitigation plans
5. Adopt industry best practices and processes, such as the cyber kill chain and the National Institute of Standards and Technology Special Publication 800-207 Zero Trust Architecture
Under attack?
If you are currently under attack or threat of extortion, you can get help 24/7/365. Additionally, if you receive an extortion email, please contact local law enforcement.