DDoS attacks surge on financial sector as cybercriminals get smarter

By Puja Sharma

Financial sector is the top industry for volumetric DDoS attacks; sophisticated, precision-targeted threats are growing

FS-ISAC, the member-driven, not-for-profit organisation that advances cybersecurity and resilience in the global financial system, and Akamai Technologies, Inc., the cybersecurity and cloud computing company that powers and protects business online, today released their joint annual report analysing the strategic threat posed by the escalating number and sophistication of distributed denial-of-service (DDoS) attacks and their impact on customer trust, operations, and profitability in the financial services sector.

The report, From Nuisance to Strategic Threat: DDoS Attacks Against the Financial Sector, found that in 2024, the financial services sector was the top target of volumetric DDoS attacks, which aim to overwhelm the target with sheer traffic. DDoS attacks on financial firms’ Application Programming Interfaces (APIs) and customer-facing websites are also on the rise. These precision-targeted attacks are challenging to detect because they closely mimic legitimate user behaviour, indicating a new level of sophistication among cyber criminals.

The joint report details attack data by region with profiles of the sector’s most prolific attackers. It also provides a DDoS Maturity Model that financial firms can leverage to evaluate their current capabilities and practices to prepare for DDoS attacks, as well as fundamental cyber practices for managing DDoS threats.

“DDoS attacks are becoming increasingly sophisticated, evolving from simple network flooding to targeted, multi-dimensional assaults that exploit intricate vulnerabilities across the entire supply chain,” said Teresa Walsh, FS-ISAC’s Chief Intelligence Officer and Managing Director, EMEA. “As threat tactics continue to evolve, we must ensure our technical defenses evolve and our people, tools, and processes work seamlessly together. It is critical that we harden our infrastructure and foster a culture of continuous vigilance and collaboration to protect continuity and customer trust.”

Together, FS-ISAC and Akamai developed a five-level DDoS Maturity Model detailing DDoS-relevant characteristics, defensive capabilities, and risks to help financial institutions assess their ability to withstand DDoS attacks. Institutions at any level of cyber maturity can use it to identify areas for improvement and improve their resilience, prioritise investments, and facilitate ongoing improvement.

“Threat actors will continue to leverage DDoS attacks to exploit the security of our institutions,” said Steve Winterfeld, Advisory CISO of Akamai. “These attacks strive to exhaust an institution’s network infrastructure and in turn, drain the resources used to defend against them. The implementation of mitigation strategies, robust cyber hygiene fundamentals, and industry best practices can help the sector defend against the evolving risk.”

Key findings highlight the shifting dynamics of DDoS threats — from the increasing use of DDoS-for-Hire services to regional surges in activity — underscoring the urgent need for advanced, adaptive defense strategies. Highlights of the report include:

• The disproportionate increase of DDoS attacks on the financial sector, compared to other industries.The sector remained the leading target for volumetric year-over-year DDoS attacks,with a major spike in October 2024.
• DDoS attacks are increasing in frequency, and cybercriminals are exploiting today’s high bandwidths and greater computational resources to launch more adaptable, powerful, and cost-effective DDoS attacks.
• Application layer DDoS attacks against the financial sector increased 23%between 2023 and 2024. The adoption of APIs in financial services has expanded the sector’s threat surface and malicious actors have evolved their tactics in response. 
• The widespread use of DDoS-for-Hire services targeting the financial sector disguises attackers, making it difficult to identify the cybercriminal’s motivation and develop mitigation plans.
• Ongoing geopolitical tensions, particularly the Hamas-Israel and Russia-Ukraine wars, have fueled a surge in hacktivism.
• DDoS attacks on the financial services sector increased significantly in the Asia Pacific region, accounting for 38% of all volumetric DDoS attacks, up from 11% in 2023.