Rising geopolitical tensions, particularly involving Russia and the Middle East, helped fuel one-third of denial-of-service cyberattacks that targeted the global financial services sector for the second year running, according to new findings from cloud and cybersecurity services provider Akamai.
The cyber assaults, commonly known as DDoS attacks, targeted around 34% of financial institutions observed between January 2023 and June 2024, aiming to cripple the companies’ websites by overwhelming them with bot-generated network traffic. The video game and technology sectors were the second and third most targeted in the observed period, respectively, the Akamai report says.
Russia’s ongoing war in Ukraine and the Israel-Hamas war have fueled a rise in hacktivist activity that has contributed to the surge in DDoS attacks, it notes. European banks affiliated with Ukraine have been especially targeted in the assaults, though the report did not provide specific numbers.
Nearly 3,000 DDoS attacks targeting the financial sector were recorded in the findings. While not every bank or financial provider has explicit geopolitical motivations, their critical role in the global economy still makes them prime targets for hackers.
“Financial institutions are attractive targets for DDoS attackers because of the high stakes involved. Successful disruption of operations can lead to severe financial impact, significant reputation damage, and a loss of trust in the global financial system,” the analysis states.
Cybercriminals have used technological advances to launch powerful DDoS attacks against victims at a low cost, it adds. They’ve used virtual machines—which simulate multiple computer systems in the cloud—to amplify their strikes, making them harder to detect and disrupt.
Akamai says that the DDoS attacks against the financial sector targeted companies’ Layer 3 and Layer 4 systems, which focus on disrupting the core infrastructure of internet connections by overwhelming their routers and servers.
If successfully disrupted, victims face significant challenges in recovering their communication and network services.
“Single vector DDoS attacks targeting Layers 3 and 4 require fewer resources and can be highly effective on their own, especially against financial institutions that may have robust defenses against more complex attacks,” Akamai says. Such assaults rely on overwhelming a single point of failure, such as a server or network, with a flood of traffic.
DDoS attacks aren’t always successful, but they are often deployed year-round because cybercrime marketplaces encourage hackers to consistently target their targets at the lowest cost possible. “DDos for hire” offerings on the dark web, where brokers sell digital infrastructure to launch these overloading attacks, can cost buyers as little as $38 or even less.
DDoS criminals have also increased attacks on the application layer of financial organizations’ systems, targeting the more resource-intensive components of applications, the company says.
Unlike Layer 3 and 4 DDoS attacks, which are often mitigated by firewalls and other network protections, Layer 7 attacks bypass these defenses by disguising themselves as legitimate user requests. They target specific web pages or search functions with the intent to overload the application server and disrupt normal services.
One notable Layer 7 attack occurred this summer when a pro-Palestinian hacker group targeted an unnamed bank in the United Arab Emirates, Akamai said. It lasted about 100 hours, with waves of web traffic hitting the bank for 4 to 20 hours at a time, averaging 4.5 million requests per second. This meant the bank was under attack 70% of the time, significantly affecting its ability to serve customers.
A separate Layer 3 and 4 DDoS blitz in July targeted a high-profile Israeli financial services firm, which Akamai said it mitigated after nearly 24 hours.
DDoS attack frequency does not necessarily correlate with intensity, the report notes.
“A single DDoS attack event is not a simple, one-dimensional occurrence. Instead, it often comprises multiple DDoS attempts, each sending enormous volumes of data—many gigabits and millions of packets per second,” the report says. “These attacks can vary significantly in their approach and duration.”