Latest news with #FS-ISAC
Techday NZ
2 days ago
- Business
- Techday NZ
APAC financial sector faces 245% surge in DDoS attacks, report finds
Financial institutions in the Asia-Pacific (APAC) region saw a 245% rise in volumetric Layer 3 and 4 distributed denial-of-service (DDoS) attacks last year, accounting for 38% of such incidents globally, according to a new joint report by FS-ISAC and Akamai. The report, titled From Nuisance to Strategic Threat: DDoS Attacks Against the Financial Sector, outlines the growing scale and persistence of DDoS attacks targeting APAC's financial sector. In 2023, APAC only accounted for 11% of these incidents, highlighting the extent of the increase. The analysis found that over 20 financial institutions across six countries were affected by sustained DDoS campaigns in the fourth quarter of 2024, creating downstream risk that could impact up to USD $8 trillion in value. These attacks were notable not for their size, but for their persistence and continuity, a trend not previously seen in APAC. The wave of attacks impacted multiple sectors, including retail banking, payment processing, investment banking, and financial governmental institutions. The report attributes a significant growth in application-level (Layer 7) attacks to the increasing use of application programming interfaces (APIs) within financial services. This expansion of digital infrastructure has introduced new vulnerabilities and a broader attack surface for malicious actors. FS-ISAC's Chief Intelligence Officer and Managing Director, EMEA, Teresa Walsh, commented on the changing character of DDoS threats: "DDoS attacks are becoming increasingly sophisticated, evolving from simple network flooding to targeted, multi-dimensional assaults that exploit intricate vulnerabilities across the entire supply chain. As threat tactics continue to evolve — including those impacting APAC's increasingly digital financial systems — we must ensure our technical defenses evolve and our people, tools, and processes work seamlessly together. It is critical that we harden our infrastructure and foster a culture of continuous vigilance and collaboration to protect continuity and customer trust." Reuben Koh, Director of Security Technology & Strategy, APJ at Akamai, highlighted the changing nature of DDoS campaigns in the region: "DDoS attacks in APAC are no longer blunt-force attempts, but sophisticated multi-vector campaigns that exploit vulnerable systems and exposed APIs. As highly coveted target sectors like financial services, commerce, and manufacturing accelerate digital growth, these continuous attacks pose growing operational and reputational risks, and organizations must work with trusted cybersecurity partners who can provide the intelligence, scalability, and agility needed to defend themselves in today's threat landscape." The joint report also connects the increase in attacks to broader developments, including ongoing geopolitical tensions such as the Israel-Hamas and Russia-Ukraine conflicts. These events have led to a noted rise in ideologically driven hacktivism and blurred the lines between DDoS-for-Hire groups, hacktivists, and state-sponsored actors. The proliferation of DDoS-for-Hire platforms has made these attack tools accessible to a wider range of threat actors. Globally, the financial sector remained the most targeted industry segment for Layer 3 and 4 DDoS attacks, making up 37% of incidents. This marks the second consecutive year that financial services have led in reported attack numbers, followed by gaming at 20% and manufacturing at 17%. No other sector experienced a similar surge, according to the report's findings. The publication discusses strategies for improving defences through the FS-ISAC and Akamai-developed DDoS Maturity Model. This framework provides a benchmark for readiness and recommends targeted investment in defence strategies for organisations managing financial infrastructure and sensitive data. The DDoS Maturity Model highlights several key actions for financial institutions and related entities: Adopt real-time behavioural analytics and traffic baselining Implement threat intelligence-led automation for detection and mitigation Strengthen DNS and API security with continuous testing and hardening Use geo-IP filtering to reduce exposure from high-risk regions The report also contains regional data, profiles of hacktivist groups, and an overview of mitigation strategies and best cyber hygiene practices. It notes the importance of mapping organisational capabilities and practices against different stages of maturity in DDoS defence, offering a structured approach to managing a rising strategic threat. Akamai's collaboration with FS-ISAC on this research builds on the company's involvement in FS-ISAC's Critical Providers Program, which was launched to strengthen supply chain security within the financial sector.
Yahoo
3 days ago
- Business
- Yahoo
DDoS Attackers Increase Targeting of Global Financial Sector, According to FS-ISAC and Akamai Report
Financial sector is the top industry for volumetric DDoS attacks; sophisticated, precision-targeted threats are growing RESTON, Va., June 10, 2025 /PRNewswire/ -- FS-ISAC, the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, and Akamai Technologies, Inc. (NASDAQ: AKAM), the cybersecurity and cloud computing company that powers and protects business online, today released their joint annual report analyzing the strategic threat posed by the escalating number and sophistication of distributed denial-of-service (DDoS) attacks and their impact on customer trust, operations, and profitability in the financial services sector. The report, From Nuisance to Strategic Threat: DDoS Attacks Against the Financial Sector found that in 2024, the financial services sector was the top target of volumetric DDoS attacks, which aim to overwhelm the target with sheer traffic. DDoS attacks on financial firms' application programming interfaces (APIs) and customer-facing websites are on the rise as well. These precision-targeted attacks are difficult to detect because they mimic legitimate user behavior, which indicates a new level of skill among cybercriminals. The joint report details attack data by region, with profiles of the sector's most prolific attackers. It also provides a DDoS Maturity Model that financial firms can leverage to evaluate their current capabilities and practices to prepare for DDoS attacks, as well as fundamental cyber practices for managing DDoS threats. "DDoS attacks are becoming increasingly sophisticated, evolving from simple network flooding to targeted, multidimensional assaults that exploit intricate vulnerabilities across the entire supply chain," said Teresa Walsh, FS-ISAC's Chief Intelligence Officer and Managing Director, EMEA. "As threat tactics continue to evolve, we must ensure our technical defenses evolve and our people, tools, and processes work seamlessly together. It is critical that we harden our infrastructure, and foster a culture of continuous vigilance and collaboration, to protect continuity and customer trust." Key findings highlight the shifting dynamics of DDoS threats — from the increasing use of DDoS-for-hire services to regional surges in activity — underscoring the urgent need for advanced, adaptive defense strategies. Highlights of the report include: DDoS attacks on the financial sector have increased disproportionately compared to other industries. The sector remained the leading target for volumetric DDoS attacks year over year, with a major spike in October 2024. DDoS attacks are increasing in frequency, and cybercriminals are exploiting today's high bandwidths and greater computational resources to launch more adaptable, powerful, and cost-effective DDoS attacks. Application-layer DDoS attacks against the financial sector increased 23% between 2023 and 2024. The adoption of APIs in financial services has expanded the sector's threat surface, and malicious actors have evolved their tactics in response. The widespread use of DDoS-for-hire services targeting the financial sector disguises attackers, making it difficult to identify the cybercriminal's motivation and develop mitigation plans. Ongoing geopolitical tensions, particularly the Israel-Hamas and Russia-Ukraine wars, have fueled a surge in hacktivism. DDoS attacks on the financial services sector increased significantly in the Asia-Pacific region, accounting for 38% of all volumetric DDoS attacks, up from 11% in 2023. Together, FS-ISAC and Akamai developed a five-level DDoS Maturity Model detailing DDoS-relevant characteristics, defensive capabilities, and risks to help financial institutions assess their ability to withstand DDoS attacks. Institutions at any level of cyber maturity can use it to identify areas for improvement and improve their resilience, prioritize investments, and facilitate ongoing enhancement. "Threat actors will continue to leverage DDoS attacks to exploit the security of our institutions," said Steve Winterfeld, Advisory CISO of Akamai. "These attacks strive to exhaust an institution's network infrastructure and in turn, drain the resources used to defend against them. The implementation of mitigation strategies, robust cyber hygiene fundamentals, and industry best practices can help the sector defend against the evolving risk." The collaboration on this report is a product of Akamai's founding participation in FS-ISAC's Critical Providers Program, which was launched in 2022 to bolster the financial sector's supply chain security. Download the full report. About FS-ISAC FS-ISAC is the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, protecting the financial institutions and the people they serve. Founded in 1999, the organization's real-time information-sharing network amplifies the intelligence, knowledge, and practices of its members for the financial sector's collective security and defenses. Member financial firms represent $100 trillion in assets in 75 countries. About Akamai Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai's full-stack cloud computing solutions deliver performance and affordability on the world's most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at and or follow Akamai Technologies on X and LinkedIn. Contacts for Media media@ jlubinsk@ View original content to download multimedia: SOURCE Akamai Technologies, Inc.
