Bad actors aiming to overwhelm organizations’ networks through distributed denial-of-service (DDoS) attacks have targeted the financial industry. Research from the Financial Services Information Sharing and Analysis Center (FS-ISAC) and cybersecurity firm Akamai revealed that DDoS attacks escalated dramatically from 2014 to 2024, peaking in October with 350 incidents.

Each attack involved thousands—or even millions—of malicious activities. The financial sector was identified as the most targeted by such assaults, and the frequency of these attacks against it has continued to rise. Such attacks often target websites but also frequently impact APIs used for services like logins and payments.

Multi-Dimensional Assaults

APIs are essential in modern banking infrastructure, facilitating services from credit scoring to peer-to-peer payments by enabling banks to work with partners.

The rapid adoption of APIs has expanded the potential attack surface for bad actors. Despite financial institutions’ defenses often overcoming these attacks, the study highlighted a more alarming trend: the increasing sophistication and effectiveness of DDoS attacks.

“DDoS attacks are evolving from simple network flooding to targeted, multi-dimensional assaults that exploit vulnerabilities across the entire supply chain,” stated Teresa Walsh, FS-ISAC’s Chief Intelligence Officer and Managing Director, EMEA.

Outsourcing the Operation

The growing complexity of DDoS attacks does not necessarily increase barriers for cybercriminals. Overall, DDoS usage is on the rise, making it easier for criminals to outsource their operations. This also complicates efforts to identify perpetrators. DDoS is part of the broader cybercrime-as-a-service model, where illicit services are provided for financial gain.

As these services become more sophisticated and widespread, financial institutions will need to continuously develop new defense strategies.