WP Why Banks Are Still A Top Target For DDoS Attacks | Imperva

Why Banks Are Still A Top Target For DDoS Attacks

Why Banks Are Still A Top Target For DDoS Attacks

The financial services sector is still a prime target for cyber criminals and it has been widely reported that in 2020 financial institutions came under attack more than ever before.

According to Boston Consulting Group research, financial service firms are up to 300 times more likely to experience a cyber attack per year compared to companies in other industries. With the global pandemic and remote working driving significant increases in DDoS attacks on financial services in the first half of 2020 this appears to be a trend that is set to continue. So what makes financial services more of a target than other industries?

DDoS attackers thrive on the disruption they can cause by launching an attack on a bank which can cause slow website response times and prevent customers from accessing their online banking and other financial applications.

For a DDoS attacker targeting a well-known financial institution and denying access to legitimate users is great for bragging rights and boils down to pure cyber-vandalism. They know that for many banks and other companies in this sector the main objective is to provide a good level of service to their customers, protect their sensitive financial data and continue to grow as a business, and they will get a kick out of disrupting that.

But this isn’t the only reason financial services are still a top target for attackers.

This is a highly lucrative industry, and cybercriminals are also drawn to the riches to be gained by launching an attack on a financial institution. A typical financial institution’s attack surface covers not just its core banking IT systems, but also customer accounts and the wider payment ecosystem.

DDoS attacks are sometimes launched as a diversionary tactic to distract security teams while the cybercriminals carry out another type of attack, possibly to gain access to and steal sensitive financial services data. Getting their hands on sensitive customer data such as financial credentials enables cybercriminals to open fake accounts, access funds and continue their pattern of fraudulent activities.

In 2020 Imperva recorded an increase in DDoS activity targeted at the financial services industry. We monitored a 30% increase in DDoS attacks on its financial services customers in the period pre-COVID vs post-COVID periods with the majority of the increases being recorded for DDoS for Networks mitigation. Increases were seen in traffic volumes, attack duration and packets per second.

In addition, in September 2020 we saw the return of the Ransom Denial of Service (RDoS) threat with many of the targeted organizations being in the financial services industry. RDoS are extortion-based threats to launch a DDoS attack where the threat actors are motivated by financial gain and demand some sort of payment to prevent a DDoS attack on their target’s network. In this case, the extortionists claimed a connection to infamous Advanced Persistent Threat groups such as Fancy Bear and Lazarus Group.

It is thought that over 100 financial services firms were targeted across multiple countries by Ransom DoS attacks in 2020. FS-ISAC has disclosed that those targeted included banks, exchanges, payments companies, card issuers, payroll companies, insurance firms and money transfer services. Already in 2021 a number of previously-targeted financial services organizations have received follow-up emails from the Ransom DoS extortionists reminding them that they have not gone away.

Banks have long been a target for criminals but with the average cost of a DDoS attack on a financial services organization reported to be up to $1.8 million, the growth of digitalization is encouraging banks and other financial firms move their data and applications to the cloud, the threat surface widens for the attackers forcing firms to reconsider their security posture.

Digitalization is also the reason why some organizations are leaving themselves exposed to a great risk in the event of a DDoS attack. For example, with many organizations moving to an Internet Service Provider (ISP) or a Cloud Service Provider (CSP) to host their networks and applications, the default stance is often to rely on that provider to provide adequate security including DDoS protection. However the reality is not always straightforward and the DDoS mitigation provided as part of a service provider’s package might not cover all of your needs.

First and foremost the service providers priority is to protect their own infrastructure at all costs. In some cases it has been known for a service provider to blackhole all traffic to a target customer under DDoS attack. When this happens the service provider injects a null route with the IP of the original victim into their routing infrastructure to block all traffic to the victim. The result is that all traffic, legitimate and malicious, is blocked and therefore the service provider almost supports the original attack by denying all access to the target’s network. In a case like this, that customer would have been better-prepared to mitigate the DDoS attack with their own DDoS mitigation solution in place.

Time to mitigation is another critical factor when it comes to a DDoS attack. With every hour of downtime believed to cost organizations hundreds of thousands of dollars in lost business, the faster the response time the better. In many cases customers trust their service provider to provide a fast response time when under attack this is not always the case and can result in considerable disruption to business and substantial recovery costs.

Another important point to recognize when you are relying on your service provider’s DDoS protection is that, when under attack, your provider will not cover the costs for the additional traffic and bandwidth usage incurred. When targeted by a volumetric attack these costs could be significant.

Financial firms require a fast, efficient and reliable DDoS mitigation solution in place to be fully protected and should choose a leading vendor with security expertise and the capacity to defend against and absorb the impact of a DDoS attack no matter the size.

Imperva offers a cloud-based DDoS Protection service that addresses all of these key requirements, enabling financial institutions to mitigate quickly against an attack and to avoid business disruption by maintaining critical operational uptime and performance.

Learn more about Imperva DDoS Protection here.

Register for our webinar, ‘Why Application Security is Still Critical for Financial Services’