The Q3 Finance Industry Threat Landscape Report prepared by SOCRadar analysts has been published this week. The report includes a detailed analysis of the cybersecurity threats that most impact the financial industry globally. One of the topics covered in the report was DDoS attacks. According to the report, the use of DDoS attacks for extortion against financial institutions has increased.
Threat actors execute DDoS attacks against financial institutions, especially banks, with various objectives. Because a DDoS attack on a bank can cost the company millions of dollars, threat actors mainly use DDoS as an extortion tool.
According to a recent report published by FS-ISAC in February, more than 100 financial services firms were hit by a DDoS extortion attack conducted by the same actor last year.
The second reason for DDoS attacks is to create a distraction. While executing a DDoS attack by using a botnet and keeping the security team busy, threat actors infiltrate the company’s systems by other means.
What is a DDoS Attack?
Distributed Network Attacks are often referred to as Distributed Denial of Service (DDoS) attacks. This type of attack takes advantage of the specific capacity limits that apply to any network resources – such as the infrastructure that enables a company’s website.
The DDoS attack will send multiple requests to the attacked web resource with the aim of exceeding the website’s capacity to handle multiple requests and prevent the website from functioning correctly.
Typical targets for DDoS attacks include:
- Internet shopping sites
- Online casinos
- Any business or organization that depends on providing online services
How does a DDoS attack work?
Network resources have a finite limit to the number of requests that they can service simultaneously. In addition to the capacity limit of the server, the channel that connects the server to the Internet will also have a finite bandwidth. Whenever the number of requests exceeds the capacity limits of any component of the infrastructure, the level of service is likely to suffer in one of the following ways:
- The response to requests will be much slower than normal.
- Some users’ requests may be totally ignored.
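The two effects listed above can be reproduced with a small capacity model. This is an added example, not part of the SOCRadar report: the single first-in, first-out queue, the tick-based timing and all traffic numbers are constructed assumptions chosen for illustration.

```python
from collections import deque

def simulate(arrivals, capacity, queue_limit):
    """Discrete-time model of one service with a bounded backlog.

    arrivals    -- requests arriving in each tick (constructed sample data)
    capacity    -- requests the service can complete per tick
    queue_limit -- waiting requests the service will hold before refusing more
    """
    queue = deque()                      # arrival tick of each waiting request
    served = dropped = total_wait = max_wait = 0
    tick = 0
    # Keep ticking after the last arrival until the backlog has drained.
    while tick < len(arrivals) or queue:
        incoming = arrivals[tick] if tick < len(arrivals) else 0
        for _ in range(incoming):
            if len(queue) < queue_limit:
                queue.append(tick)
            else:
                dropped += 1             # request is ignored: backlog is full
        for _ in range(min(capacity, len(queue))):
            wait = tick - queue.popleft()
            total_wait += wait           # ticks this request spent waiting
            max_wait = max(max_wait, wait)
            served += 1
        tick += 1
    return {
        "served": served,
        "dropped": dropped,
        "mean_wait": total_wait / served if served else 0.0,
        "max_wait": max_wait,
        "ticks_run": tick,
    }

# Constructed traffic: 80 requests/tick of normal load, and the same load
# with a four-tick surge to 400 requests/tick in the middle.
NORMAL = [80] * 10
SURGE = [80] * 3 + [400] * 4 + [80] * 3

if __name__ == "__main__":
    for name, traffic in (("normal", NORMAL), ("surge", SURGE)):
        print(name, simulate(traffic, capacity=100, queue_limit=500))
```

In this model the requests that arrive after the surge has ended still wait up to four ticks, because the backlog built during the surge has to drain first.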
Recent DDoS Attacks on Financial Institutions
A top European bank experienced a DDoS attack in June. The attack reached over 200 gigabytes of volume in total. The threat actors hit the company with three waves of DDoS attacks in one hour. The motivation behind the attack was unknown.
In September, a massive DDoS campaign against New Zealand companies resulted in service outages for businesses including ANZ New Zealand and Kiwibank. The internet banking app and website were offline for several hours. It was not the first time New Zealand became the victim of large DDoS attacks. Last year, threat actors forced the New Zealand Stock Exchange offline for almost an entire week and asked for ransom to stop the DDoS attacks.
The threat landscape report also includes measures to take against DDoS and the other cyber attacks it covers:
- Keeping Track of the Vulnerabilities on Digital Assets
- Identifying and Monitoring Threat Actors
- Phishing Control
- Dark Web and Deep Web Awareness
In addition to these steps, there are further things you can do to protect yourself, such as:
- You could create strict identity and access management policies by utilizing multi-factor authentication (MFA) and one-time-password (OTP) technologies. You could protect your endpoints using trusted security software as much as possible.
- You must have backup policies and practices. In addition, you should have multiple recent copies (preferably at least one offline) of your critical data and of the settings and configurations of your security devices.
SOCRadar provides extended cyber threat intelligence (XTI) that combines,
SOCRadar provides the actionable and timely intelligence context you need to manage the risks in the era of transformation.
Protecting Customers’ PII: Scan millions of data points on the surface web, deep web, and darknet to accurately identify the leakage of your customers’ personally identifiable information (PII) in compliance with regulations.