Bad actors aiming to overwhelm organizations’ networks through distributed denial-of-service (DDoS) attacks have targeted the financial industry, with significant impacts.

A study by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and cybersecurity firm Akamai revealed that DDoS attacks escalated exponentially from 2014 to 2024, reaching their peak in October with 350 recorded incidents. Each attack involved thousands—or even millions—of malicious activities.

According to the research, the financial sector was the most targeted industry, with a continued rise in DDoS attack frequencies. These attacks often focused on organizations’ websites but also frequently affected APIs integral to services like logins and payments.

Multidimensional Assaults

APIs are essential components of modern banking infrastructure, facilitating interactions ranging from credit scoring to peer-to-peer payments by enabling communication between different entities.

The rapid adoption of APIs has expanded the potential attack surface for malicious actors. While financial institutions often have robust defenses against DDoS attacks, recent findings highlighted that these assaults are becoming more sophisticated, evolving from simple network flooding to targeted multi-dimensional attacks that exploit vulnerabilities across the entire supply chain.

FS-ISAC’s Chief Intelligence Officer and Managing Director, EMEA, Teresa Walsh, commented in a prepared statement: “DDoS attacks are becoming increasingly sophisticated, transitioning from basic network flooding to multifaceted assaults that exploit intricate weaknesses throughout the entire ecosystem.”

Outsourcing the Operation

The increase in DDoS complexity does not necessarily mean higher entry barriers for cybercriminals. Overall, the use of DDoS is growing, making it easier for bad actors to outsource their operations and complicating efforts to identify perpetrators.

DDoS is part of a broader trend where criminal entities offer sophisticated services or tools on a subscription basis. This not only lowers entry barriers for cybercriminals but also makes it more challenging for financial institutions to develop effective defenses against these attacks, necessitating innovative strategies in combatting fraud and cyber threats.