By Philippe Alcoy, Security Technologies for NETSCOUT
The way in which financial institutions operate has changed dramatically due to the events of the last year and a half. The Covid-19 pandemic forced the vast majority of organisations in the industry to implement remote working measures and adapt their operation models as a result. When employees are working from home however, large swathes of private and sensitive data are left exposed to threat actors outside of the traditional perimeters, due to the data being accessed from external locations. Predictably, cybercriminals have been quick to pounce on this potentially lucrative opening.
As such, a sharp increase in Distributed Denial-of-Service (DDoS) attacks has emerged since the start of the pandemic. Evidence of this can be seen in the latest NETSCOUT Threat Intelligence Report, which highlights that threat actors launched around 5.4 million DDoS attacks globally during the first half of 2021 – an 11 percent increase from the same time frame in 2020. If this trend were to continue, we would hit nearly 11 million DDoS attacks in 2021, which would surpass the current record of 10 million attacks set last year.
When looking specifically at the financial sector, the report observed that in the first half of 2021, more than 50 percent of organisations targeted by DDoS extortion attacks were in the financial industry. This aligns with the primary target base of the Lazarus Bear Armada campaign, the group who most notably knocked the New Zealand stock exchange offline for two days in August 2020. What’s more, commercial banks and payment card processors were also targeted by threat actors, with the sector hit by more than 7,000 DDoS attacks in the first six months of 2021. Several of these attacks were successful, negatively affecting both the targeted business and downstream consumers trying to use credit cards. As credit card processors are capable of servicing more than 5,000 transactions per second, even a minute’s worth of downtime can lead to millions of pounds in lost revenue, while also having a negative impact on the company’s reputation.
What has caused this rise in DDoS attacks?
There are a number of different factors that have led to the increase in DDoS attacks. Firstly, many internet users are not sufficiently protected against cyberattacks when working away from the office. This is due to the fact that the enterprise-grade security systems used at most external locations do not prevent DDoS attacks. Subsequently, there has been a rise in incidents, such as the Lazarus Bear Armada DDoS extortion attacks, with the threat actors behind these attacks targeting Virtual Private Network (VPN) concentrators.
Further to this, cybercriminals have come to the realisation that instead of disrupting 10-20 percent of a business’s workforce, as was the case when employees were working from the office, they can now play havoc with an entire organisation with employees working remotely. What’s more, threat actors have been able to exploit the vulnerabilities caused by the significant increase in internet usage during the last 18 months. As more people are online than ever before, attackers have an opportunity to launch more damaging attacks.
Finally, attackers have taken advantage of the current circumstances. With the continued reliance on remote working, cybercriminals have displayed their opportunistic nature. Having observed the importance of online infrastructure in terms of keeping businesses in operation and remote workforces connected, threat actors have launched an increased number of attacks against the internet publishing and broadcasting industry. In fact, this sector, which includes companies like Zoom, Microsoft Teams and other video conferencing applications used for business meetings and training, was among the most attacked in the first half of 2021. As such, organisations in the financial sector have been heavily impacted by this as they rely on these applications to communicate with one another, especially when working remotely. Overall, these factors indicate the vital role played by the pandemic in leading to the increase in DDoS attacks.
Why it is vital to develop secure DDoS defence systems
Although it is impossible to predict what will happen in the future, DDoS attack rates are showing no signs of significantly slowing down. Therefore, organisations operating in the financial sector are still in danger of being on the receiving end of a damaging attack. Additionally, the damage that DDoS attacks can do from a monetary perspective is considerable. NETSCOUT’s latest Worldwide Infrastructure Security Report observed that downtime associated with internet service outages caused by DDoS attacks cost organisations $221,836.80. As such, businesses must create strategies capable of combatting these attacks, in addition to having an effective DDoS defence system in place.
In order to address this ongoing threat, it is vital for businesses in the finance industry to invest in a DDoS protection system that is both strong and effective. A system like this is capable of defending an organisation’s public-facing online infrastructure from DDoS attacks. This will give businesses peace of mind should they be on the receiving end of a DDoS attack, as well as full confidence in the system they’re deploying. If an organisation has proactively secured its system with a powerful DDoS mitigation solution, then the damage inflicted by a DDoS attack should be limited.
It is also necessary for financial institutions to test their DDoS mitigation system periodically. By doing this, organisations ensure that changes made to their online systems are included in the comprehensive defence plan, protecting the entirety of the online infrastructure from DDoS attacks. Furthermore, businesses should consider employing an on-demand DDoS attack expert. Through the use of a DDoS expert, organisations can navigate unfamiliar terrain and circumstances, which can be extremely beneficial for the team and the entire company.
As threats become increasingly sophisticated and DDoS attacks continue to evolve and become more complex, it is vital for organisations in the financial sector to keep on investing in appropriate security. Through the implementation of robust preventative measures, these businesses will be in a position of strength when it comes to protecting themselves from the cyberthreats that have emerged as a result of the new business normal.
