Financial Institutions’ Biggest Cyberthreat: DDoS Attacks

A recent report by security firm Arbor Networks has revealed that financial institutions are the most targeted sector by DDoS extortionists.

Financial institutions often underpin entire economies. It comes as little surprise then that they are often the choice target for an impactful, seismic DDoS attack, according to Richard Brown, European director for channels and alliances, Arbor Networks. A recent study called the Worldwide Infrastructure Security Report by the same company has revealed interesting statistics.

The highest sector for DDoS attacks among all companies and platforms to have an online presence are financial institutions. A staggering 57% of financial institutions have experienced a DDoS attack.

A recent attack on HSBC’s online banking services attests to this, despite the bank’s claims that had successfully mitigated a DDoS attack that targeted the financial institution on January 29. Services were affected for most customers throughout the day.

Nowadays, the average intensity of a DDoS attack are enough to knock most businesses offline, the report also revealed.

The largest attack reported in 2015 was a peak 500 Gbps, over 60 times the figure achieved by the biggest DDoS attack 11 years ago.

Gary Sockrider, principal security technologist at Arbor Networks told Computer Weekly:

What is significant is that the average of just under 2Gbps, which we see across tens of thousands of attacks, is enough to overwhelm most business internet connections.

Another significant recent indicator among DDoS attacks revealed that criminal activity and intent for extortion has replaced vandalism and activism as the lead cause for DDoS attacks.

The survey polled 350 network operators including service providers and enterprises. More than half of those polled revealed that the number of multi-vector attacks, comprehensive in their span of targets, have gone up 42% from the previous year.

Other stats revealed that a third of the respondents saw attacks targeting their cloud infrastructure, up from 19% in 2013 and 28% In 2014.

Additionally, cybercriminal groups are selling their DDoS services that are aimed at enabling business organizations by disrupting the services of their competitors. Businesses also believe that DDoS attacks are seen as a distraction or a smokescreen to carry out other attacks such as installing malware or network breaches.

Altogether, no organization, big or small is immune from a DDoS attack and it is imperative that security measures and a capable infrastructure is in place to mitigate attacks that can be initiated by a whole range of threat actors with a differing set of motives.

Image credit: Imgur.