DDoS Attacks Increasingly Flood Financial Services Firms

Professional entities aiming to inundate organizations’ networks with distributed denial-of-service (DDoS) attacks have shifted their focus towards the financial sector.

According to research conducted by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and cybersecurity firm Akamai, there was a significant increase in DDoS attacks from 2014 to 2024, with October recording 350 incidents. Each event involved thousands—or even millions—of malicious activities due to the nature of these attacks.

The financial sector emerged as the most targeted in this study, and the incidence rate of DDoS attacks on it has been consistently increasing. While such attacks often target websites, there were also frequent assaults on APIs used for various services like logins and payments.

Multidimensional Assaults

APIs are crucial to modern banking infrastructure, facilitating interactions between banks and partners for diverse services from credit scoring to peer-to-peer payments.

Despite the revolutionary impact of these solutions on financial institutions, the rapid expansion of API usage in financial services has broadened the attack surface available to malicious actors.

Most DDoS attacks are typically handled effectively by institutions’ defenses. However, a concerning trend highlighted in the study is the increasing effectiveness and sophistication of such attacks.

“DDoS attacks are evolving from simple network flooding into targeted, multidimensional assaults that exploit intricate vulnerabilities throughout the entire supply chain,” stated Teresa Walsh, FS-ISAC’s Chief Intelligence Officer and Managing Director for EMEA, in a prepared statement.

Outsourcing the Operation

Although these attacks are becoming more complex, barriers to entry remain low. This makes it easier for cybercriminals to outsource their operations, thereby complicating efforts to identify perpetrators.

DDoS attacks fall under the broader category of cybercrime-as-a-service models, where criminals provide sophisticated software or services for financial gain. The growing sophistication and accessibility of these services require financial institutions to continuously explore novel defense strategies.
