The finance industry is vulnerable to DDoS attacks

Emad Fahmy, Systems Engineering Manager, Middle East, NETSCOUT discusses why the  finance industry is vulnerable to DDoS attacks

The way financial institutions function has changed in the last two years. As a result of the Covid-19 pandemic, businesses in the finance industry have had to adjust their business strategies and create remote working solutions. Due to the data being accessed from off-site locations, substantial volumes of employees’ confidential and sensitive material have been left accessible to cybercriminals acting outside of typical perimeters by working from home. Perhaps predictably, threat actors have seized the opportunity this has offered them. Thus, regional financial authorities have outlined cybersecurity as a critical priority. The UAE Central Bank, for example, established a new Networking and Cyber Security Operations Centre in November 2021 to contribute to the resilience and preparedness of the nation’s financial sector.

More than half of those targeted by DDoS extortion attacks in the first half of 2021 were in the financial industry. Furthermore, NETSCOUT discovered that over 7,000 DDoS assaults were performed against commercial banks and credit card processors during this time.

Although it may appear at first that this attack activity is minimal compared to the overall numbers, many were successful in creating significant disruption. This, in turn, impacted downstream customers attempting to use their credit cards, as well as the targeted businesses. If a commercial bank or payment card processor is hacked, the results can be devastating. Because credit card processors can handle over 5,000 transactions per second, even a few minutes of delay can result in millions being lost. This can significantly impact the organisation’s brand and customer retention.

Types of DDoS attacks being launched by threat actors

As previously stated, financial institutions are subjected to a high volume of DDoS extortion attempts. These attacks differ from traditional DDoS attacks in that the threat actors launch a demonstration DDoS attack against portions of the organisation’s online infrastructure before or after sending an email to the company requesting payment in cryptocurrency, typically Bitcoin.

Financial institutions are known to have access to enormous amounts of data and money, which is one of the key reasons why threat actors target them with DDoS extortion assaults. The Lazarus Bear Armada (LBA) DDoS extortion campaign, for example, targeted financial organisations such as commercial banks and stock exchanges, including the New Zealand Stock Exchange.

Furthermore, professional ransomware gangs have bolstered their arsenal with triple extortion attacks. Cybercriminals have created a ransomware trifecta by combining file encryption, data theft, and DDoS operations to increase payment possibilities.

Moreover, when it comes to mounting DDoS attacks against financial institutions, threat actors employ increasingly complicated strategies. Cybercriminals are modifying the types of attacks they use to overwhelm the multiple layers of on-premises and cloud-based DDoS security that have been built in an attempt to access financial institutions’ online infrastructure. TCP ACK flood assaults, which are meant to overwhelm and impede connections between servers against commercial banks and credit card processing solutions, are a good illustration of this. As a result, downtime and interruptions have hurt institutional and end-users who use these services.


To read more exclusive features and latest news please see our Q1 issue here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922