Rising DDoS Attacks in the Finance Industry

An opinion piece by Emad Fahmy, Systems Engineering Manager, Middle East, NETSCOUT

While the global pandemic introduced new security challenges for modern businesses and security teams, it has also presented a tremendous opportunity for cybercriminals. With the advent of remote working, threat actors exploited security vulnerabilities across several industries.

Interestingly, cybercriminals launched over 10 million Distributed Denial-of-Service (DDoS) attacks last year. This is an increase of nearly 1.6 million attacks compared to 2019, according to NETSCOUT’s recently published Threat Intelligence Report.

The aim of these DDoS attacks is usually to cripple industries that rely heavily on online services, such as healthcare, online education, streaming platforms, e-commerce and finance.

In the UAE, the financial sector was one of the most impacted sectors last year, experiencing a significant number of cyberattacks. Thus, authorities in the UAE are increasingly prioritizing cybersecurity in this area. Earlier this year, the Central Bank of UAE and UAE Banks Federation conducted a cyberattack simulation exercise to test the banks’ preparedness, demonstrating the urgency to protect the institutions from emerging cyber threats.

Organisations that operate within the financial sector specifically are an attractive target as they are perceived to have access to vast amounts of money and large swathes of private data. High-profile examples of DDoS attacks against the financial sector include the extortion attack that hit the New Zealand stock exchange in August 2020, and the powerful attack that disrupted several Hungarian banking and telecommunication services in September 2020.

Cyberattacks and DDoS attacks have the potential to disrupt security and operations. To protect themselves from these concerning threats and strengthen their online infrastructure, financial institutions must adopt solid defences against malicious actors.

DDoS in Action

DDoS attacks are designed to overwhelm targeted systems to cause maximum disruption and to shut down services. This is done by flooding the targeted network, application, or service with internet traffic, preventing genuine users from accessing the system they wish to access. There are several different forms of DDoS attacks.

One example, common in the finance industry, is a DDoS extortion attack. This involves the threat actor launching a demonstration DDoS attack against elements of an organisation’s online infrastructure. After this, the attacker sends an email to the targeted business threatening to launch a full-on DDoS attack if ransom demands are not met within a certain period of time. These demands call for payment in the form of cryptocurrency in order to avoid being traced by law enforcement authorities.

Another type of DDoS attack used against organisations is a reflection/amplification attack. This type of attack enables threat actors to generate high-volume attacks through a combination of reflection and amplification attacks. By using this attack method, cybercriminals can magnify the volume of malicious traffic they’re capable of generating while at the same time concealing the sources of the attack traffic.

This type of DDoS attack is dangerous to businesses as they display no evidence of having been compromised. Moreover, sophisticated tools are not required when it comes to launching a reflection/amplification attack. This means that cybercriminals can create huge volumetric attacks by using just one robust server or a modest source of bots. This makes it challenging to prevent these forms of DDoS attacks.

How can organisations in the finance industry defend themselves?

The best defence against DDoS attacks of any type is to install a robust DDoS defence system. Financial institutions that have adequately prepared to defend themselves by putting an effective DDoS mitigation system in place have experienced little to no issues relating to DDoS attacks. Thus, financial organisations should invest in strong DDoS mitigation services rather than paying the ransom when it comes to DDoS extortion attacks. It is also important for financial institutions to semi-regularly test their DDoS mitigation services. This ensures that any changes to an organisation’s online infrastructure are incorporated into its DDoS defence plan.

In addition to this, organisations in the finance industry must know who to contact at the relevant regulators and security providers in the event of a DDoS attack.

Although a DDoS attack can have a catastrophic impact on financial organisations, the damage caused by the attack can be kept to a minimum provided financial institutions have installed a strong and effective DDoS mitigation system. In addition, a thorough plan of action must be in place in the event that they’re hit by a DDoS attack.