ake78 (3D & photo) - Fotolia

More DDoS attacks launched against APAC financial firms

The financial sector in Asia-Pacific saw more DDoS attacks in 2023, but no notable impact was reported, according to a report by Akamai and FS-ISAC

Threat actors launched more distributed denial-of-service (DDoS) attacks against the financial sector in Asia-Pacific (APAC) last year, making it the third-most attacked sector after commerce and gaming.

According to a report by Akamai and FS-ISAC, a non-profit organisation that advances cyber security and resilience in the global financial system, 11% of DDoS attacks in APAC were targeted at financial services firms, with 91% of those attacks aimed at banks.

Globally, over a third of all DDoS attacks last year were aimed at the financial services industry, a 154% increase over 2022 fuelled by a surge in botnets and hacktivism motivated by the Russia-Ukraine war.

But while the volume of DDoS attacks grew significantly in 2023, mitigation measures were successful and no notable impact was reported.

Threat actors are also tweaking their modus operandi, with a preference for shorter but larger packet-per-second attacks, and more attacks on web infrastructure, which attackers sent more requests per second to in 2023 than in 2022.

There were also attempts to clog internet pipes with more bits per second sent, attacks on hardware and central processing units, with more packets per second sent, and attacks on domain name systems infrastructure, with more queries per second sent.

In February 2023, Akamai successfully mitigated a record-breaking attack in APAC by employing a combination of over 225 frontline responders, a dedicated defence capacity platform and optimised DDoS incident response plans. Although attack traffic peaked at 900.1 Gbps and 158.2 Mbps, no collateral damage was reported.

Read more about cyber security in APAC

Teresa Walsh, FS-ISAC’s chief intelligence officer and managing director for Europe, the Middle East and Africa, said that while DDoS is an age-old problem, it has seen a renewed focus, driven by geopolitical tensions as nation-states and hacktivists seek to disrupt operations and break trust in the global financial system.

“These DDoS campaigns are becoming more persistent and increasingly multi-vector as they target all areas of the financial sector, including wealth management, banking, credit cards, digital payments and insurance,” she added.

Steve Winterfeld, advisory chief information security officer at Akamai, noted that DDoS attackers use a variety of techniques to annoy, harass and extort companies, noting that their attacks cost little to launch and can do serious damage to a company’s brand.

He added that the report explains why the financial sector will continue to see attacks from a variety of threat actors and “demonstrates why organisations must prioritise robust cyber hygiene, optimise cyber defences and ensure compliance with evolving regulations”.

Read more on Hackers and cybercrime prevention

Data Center
Data Management