The financial sector has become a prime target for cybercriminals using distributed denial-of-service (DDoS) attacks to disrupt services and flood networks. According to research from the Financial Services Information Sharing and Analysis Center (FS-ISAC) and cybersecurity firm Akamai, DDoS attack incidents surged exponentially from 2014 to 2024, reaching a peak in October with over 350 recorded events.

These attacks were particularly intense, involving thousands or even millions of malicious activities. The financial industry emerged as the most targeted sector, and the frequency of DDoS attacks against it continued to rise significantly.

Multipronged Assaults

APIs are crucial components in modern banking infrastructure, enabling seamless transactions and services such as credit scoring and peer-to-peer payments. However, their widespread adoption has also increased the potential attack surface for cybercriminals.

While many financial institutions have robust defenses that can mitigate simple DDoS attacks, recent findings suggest that these assaults are becoming more sophisticated. DDoS attacks now often involve multi-dimensional strategies that exploit vulnerabilities across the entire supply chain, making them harder to thwart.

Outsourcing Cyber Threats

The increasing sophistication of DDoS attacks does not necessarily mean a higher barrier to entry for cybercriminals. The rise in the use of DDoS makes it easier for threat actors to outsource their operations and complicate attribution efforts, as identifying the perpetrators can be challenging.

DDoS is part of an expanding model known as cybercrime-as-a-service, where criminals offer sophisticated tools or services on a subscription basis. This growing trend puts financial institutions under increasing pressure to develop new defense strategies that can adapt to these evolving threats.