The finance industry is vulnerable to DDoS attacks

Emad Fahmy, Systems Engineering Manager, Middle East, NETSCOUT discusses why the  finance industry is vulnerable to DDoS attacks

The way financial institutions function has changed in the last two years. As a result of the Covid-19 pandemic, businesses in the finance industry have had to adjust their business strategies and create remote working solutions. Due to the data being accessed from off-site locations, substantial volumes of employees’ confidential and sensitive material have been left accessible to cybercriminals acting outside of typical perimeters by working from home. Perhaps predictably, threat actors have seized the opportunity this has offered them. Thus, regional financial authorities have outlined cybersecurity as a critical priority. The UAE Central Bank, for example, established a new Networking and Cyber Security Operations Centre in November 2021 to contribute to the resilience and preparedness of the nation’s financial sector.

More than half of those targeted by DDoS extortion attacks in the first half of 2021 were in the financial industry. Furthermore, NETSCOUT discovered that over 7,000 DDoS assaults were performed against commercial banks and credit card processors during this time.

Although it may appear at first that this attack activity is minimal compared to the overall numbers, many were successful in creating significant disruption. This, in turn, impacted downstream customers attempting to use their credit cards, as well as the targeted businesses. If a commercial bank or payment card processor is hacked, the results can be devastating. Because credit card processors can handle over 5,000 transactions per second, even a few minutes of delay can result in millions being lost. This can significantly impact the organisation’s brand and customer retention.

Types of DDoS attacks being launched by threat actors

As previously stated, financial institutions are subjected to a high volume of DDoS extortion attempts. These attacks differ from traditional DDoS attacks in that the threat actors launch a demonstration DDoS attack against portions of the organisation’s online infrastructure before or after sending an email to the company requesting payment in cryptocurrency, typically Bitcoin.

Financial institutions are known to have access to enormous amounts of data and money, which is one of the key reasons why threat actors target them with DDoS extortion assaults. The Lazarus Bear Armada (LBA) DDoS extortion campaign, for example, targeted financial organisations such as commercial banks and stock exchanges, including the New Zealand Stock Exchange.

Furthermore, professional ransomware gangs have bolstered their arsenal with triple extortion attacks. Cybercriminals have created a ransomware trifecta by combining file encryption, data theft, and DDoS operations to increase payment possibilities.

Moreover, when it comes to mounting DDoS attacks against financial institutions, threat actors employ increasingly complicated strategies. Cybercriminals are modifying the types of attacks they use to overwhelm the multiple layers of on-premises and cloud-based DDoS security that have been built in an attempt to access financial institutions’ online infrastructure. TCP ACK flood assaults, which are meant to overwhelm and impede connections between servers against commercial banks and credit card processing solutions, are a good illustration of this. As a result, downtime and interruptions have hurt institutional and end-users who use these services.

 

To read more exclusive features and latest news please see our April issue here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: editor@securitybuyer.com

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Tecnosicurezza

Tecnosicurezza Launches AmpliSec

Tecnosicurezza has launched AmpliSec – its first connected high-security electronic locking system designed specifically for safes…
DuoKey at GISEC

A Breakthrough in Fraud Detection at GISEC

DuoKey will unveil its groundbreaking use case for encrypted financial intelligence at GISEC Global in Dubai next week.
Two young intercultural programmers trying to solve problem with access to data while interacting in front of computers

DDoS attacks targeting critical infrastructure

NETSCOUT released its 2H2024 DDoS Threat Intelligence Report, revealing how Distributed Denial of Service (DDoS)…
Copyright: Security Buyer

ASIS UK Launches “Security is You(th)” Hackathon

ASIS International UK has launched Security is You(th), an initiative designed to engage students and early-career professionals…
Image provided by Veeam

AI and Ransomware: Cutting Through the Hype

Rick Vanover, Vice President Product Strategy, Veeam discusses how It might be the great paradox: Artificial Intelligence (AI)….
Copyright: Security Buyer

AmiViz Partners with Titania

AmiViz announced a strategic distribution agreement with Titania. This collaboration underscores a shared commitment to enhancing…
Copyright: Security Buyer

Facial Recognition: Innovation vs. Accountability

Facial recognition technology is advancing with AI, IoT, and privacy-first security, but regulatory compliance, ethical AI, accountability…
Copyright - Security Buyer

What Is an Access Control Entry? The Security Must-Know for 2025

Discover how access control entry secures businesses with mechanical, digital, biometric, and AI-driven solutions, preventing unauthorised…
Chubbsafes

Chubbsafes Celebrates 190 Years of Heritage, Trust, and Innovation

Chubbsafes proudly marks its 190th anniversary in 2025. Since its first safe patented in 1835, Chubbsafes has become synonymous…
Oil and Gas

Navigating Africa’s Oil & Gas Industry

A comprehensive analysis of security strategies in Africa’s oil and gas industry, covering physical, cyber, and remote surveillance measures.
Scroll to Top