Bad actors targeting financial institutions through distributed denial-of-service (DDoS) attacks have significantly increased their activities in recent years.

According to a study by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and cybersecurity firm Akamai, DDoS attacks surged from 2014 to 2024, with the highest recorded number of incidents occurring in October, totaling 350 events. Each incident typically involved thousands or even millions of malicious activities.

The financial sector emerged as
the most targeted by these attacks, and the frequency continues to rise. DDoS assaults often target websites but also affect APIs critical for services like logins and payments.

Multi-Dimensional Assaults

APIs serve as the backbone of modern banking infrastructure, enabling financial institutions to collaborate with partners in various service areas from credit scoring to peer-to-peer payments.

Although API solutions have transformed many financial institutions, their widespread adoption has also broadened the potential attack surface for cybercriminals.

Most DDoS attacks are relatively minor and can be easily managed by the robust defenses of financial institutions. Nevertheless, a troubling discovery from the study was the increasing effectiveness and sophistication of these attacks.

“DDoS attacks are evolving into complex, multi-dimensional assaults that exploit vulnerabilities across the entire supply chain,” stated Teresa Walsh, FS-ISAC’s Chief Intelligence Officer and Managing Director for EMEA.

Outsourcing the Operation

Despite the increasing complexity of DDoS attacks, it remains relatively easy for cybercriminals to launch these operations. The trend towards outsourcing cybercrime services means that financial institutions will need to continually seek new strategies to defend themselves.

DDoS attacks fall under a broader cybercrime-as-a-service model where criminals offer sophisticated software or services to individuals or groups for profit. As these services grow, identifying the perpetrators becomes more challenging.