Jan 31, 2023
Denial-of-Service Attacks Rise, Raising Concerns for Banks
(Bloomberg) -- Long considered a nuisance, distributed-denial-of-service attacks, or DDoS, are a growing problem for banks and other financial businesses, according to a new report.
The volume of DDoS attacks targeting financial firms increased 22% year-over-year as of November, according to a new report first provided to Bloomberg News by the Financial Services Information Sharing and Analysis Center, which is known as FS-ISAC. The issue is particularly pronounced in Europe, where financial services saw a 73% increase in DDoS attacks, the report showed.
DDoS attackers marshal an army of connected devices — known as a botnet — and direct internet traffic at a website to disrupt it or shut it down.
The attacks have become a persistent annoyance for financial institutions, causing intermittent downtime and forcing security staffers to repel the activity. Often, hacking groups use DDoS as an extortion technique, demanding money in order to go away. In other cases, political groups aim DDoS attacks at victims in order to send a message, such as when pro-Syrian government hackers aimed their tools at news sites critical of President Bashar al-Assad early during the civil war there.
“I think it’s important to know that in general, when it comes to DDoS attacks, they’re here to stay,” said Teresa Walsh, FS-ISAC’s global head of intelligence.
Last year, DDoS attacks were used to further political aims, targeting those who have taken sides — even indirectly — in the war in Ukraine or other in geopolitical hotspots, including China and Taiwan, according to the report. A group called Killnet, aligned with Russian interests, has waged a campaign of DDoS attacks on websites of businesses, governments and airports in the last year.
Last week, for instance, Killnet claimed credit for a DDoS campaign in Germany that targeted airport websites, the financial sector and federal and state authorities. The attack, which took place in late January, was fended off, for the most part, and didn’t lead to serious consequences, the German Federal Office for Information Security said in a statement.
“DDoS is a favorite tool of hacktivist groups because unlike other forms of cyberattacks, you kind of know when it’s worked,” said Boaz Gelbord, chief of security at Akamai Technologies Inc., which worked with FS-ISAC to compile the report. “When services that are commonly used by the public are unavailable, that causes a big splash.”
In addition, DDoS attacks can now be purchased online by anyone with an internet connection and a dark web browser, according to the report. The DDoS-for-hire model is one currently deployed by some ransomware groups that, for a price, provide their malware to “affiliates” who then conduct the attacks.
The explosion of internet-connected devices has also contributed to the rise because they provide a vast pool of poorly secured products that can be marshaled to serve as botnets and amplify attacks. Some attacks have become so powerful that they can overwhelm mitigation measures, according to the report.
The financial sector has experience with DDoS incidents. A wave of attacks against banks starting in 2011 disabled websites, prevented customers from accessing online accounts and cost the victims tens of million of dollars to remediate them, according to the US Department of Justice, which indicted seven Iranians in 2016 for the incidents.
--With assistance from Agatha Cantrill.
(Updated to include additional context in fourth paragraph about attackers’ motivations.)
©2023 Bloomberg L.P.