Over a 1.5-year period, a content delivery network analyzed the global industry’s cyber threat metrics for insights.
Drawing from an internal tool for analyzing security events* detected on its customer ecosystem of approximately 340,000 servers in more than 4,000 locations on nearly 1,300 networks in 130+ countries, an internet content delivery network firm has released some findings on attack trends in the financial services industry (FSI) covering the whole of 2023 and H1 2024.
First, the data analyzed indicates that the FSI has remained the most frequent target for Layer 3 and 4 distributed denial-of-service (DDoS) attacks for the second consecutive year since such analyses were started. The industry accounted for 34% of DDoS attacks, followed by gaming at 18% and high technology at 15%.
Second, the analysts have attributed the increased DDoS events to the high-stakes nature of the industry, as well as ongoing geopolitical tensions that have fueled a surge in hacktivist activities. Well-known threat actors such as REvil, BlackCat (ALPHV), Anonymous Sudan, KillNet and NoName057 have all been implicated in cyber threats linked to the ongoing Russia-Ukraine/Israel-Hamas sagas.
Other findings
The data also showed that the FSI has been most impacted by brand impersonation and abuse (36%), based on the number of all suspicious sites monitored. This was far ahead of the second-most targeted vertical: commerce (26%). Also:
- Phishing dominated the counterfeit domains that have been targeting financial services, accounting for 68% of all recorded instances. Brand impersonation followed in second place, representing 24% of all recorded domains.
- The sharp increases in the number of Layer 7 DDoS attacks were found to have specifically targeted applications via application programming interfaces (APIs). Of particular interest were undocumented shadow APIs, which are often unprotected because information security teams are unaware of their existence. Attackers can exploit these APIs to exfiltrate data, bypass authentication controls, or perform disruptive acts.
- DDoS event frequency did not always correlate with attack intensity. While some months of the data analyzed showed few attacks, other corresponding data indicated significant traffic spikes, emphasizing the need to consider both attack frequency and volume when assessing DDoS attacks.
- In data for the Asia Pacific and Japan region (APJ), the FSI was deemed fragmented, which was correlated with the region registering the highest median threat score for phishing, specifically around a number of suspicious domains and requests. Rapid banking industry digitalization, combined with low societal awareness of phishing dangers, was suggested as the main draw for such attacks. However, the region also attracted fewer phishing or brand impersonation domains compared to data from other parts of the world.
- The report analysts deemed the APJ region’s cybersecurity measures to lag behind those of Europe and America, while rising brand abuse risks were attributed to high levels of digitalization and active social media use, which open more avenues for phishing and impersonation attacks.
According to Reuben Koh, Director of Security Technology & Strategy (APJ), Akamai Technologies, the content delivery network firm that released the analytics findings: “With financial services continuing to be the most targeted industry in APJ for web application and API cyberattacks, technology decision makers like Chief Information Security Officers must carefully decide where to automate, delegate, and outsource, ensuring scalable security solutions that not only defend assets but also preserve customer loyalty in an increasingly digital world.”
*spanning the period of 1 January, 2023, through 30 June, 2024 on the firm’s web application firewall infrastructure