According to a report by Akamai [2], cyber-attacks on European financial services firms have seen a significant increase. This has been driven by cybercriminal groups exploiting vulnerabilities and has resulted in the financial services sector becoming the top target for DDoS attacks.
Description
The report reveals that cyber-attacks on European financial services firms have doubled between Q2 2022 and Q2 2023, with a 119% increase [1]. These attacks have been primarily driven by cybercriminal groups taking advantage of zero-day and one-day vulnerabilities. Notably, the financial services sector has surpassed gaming as the primary target for DDoS attacks [2]. This increase in attacks can be attributed to the rise of Layer 3 and Layer 4 DDoS attacks, which are facilitated by the increased power of virtual machine botnets and hacktivism related to the Russia-Ukraine conflict [2].
Within the EMEA region [1], financial services organizations have experienced approximately one billion web application and API attacks [1]. Insurance companies have been the most targeted sub-sector within this industry. However, it is important to note that financial services were only the third-most targeted sector in EMEA overall. EMEA financial services firms accounted for 63.5% of globally detected DDoS attacks [1], with a 40% increase in DDoS events between Q2 2022 and Q2 2023 [1]. The UK and Germany had the highest share of DDoS attack events [1].
Akamai’s report highlights that EMEA is a hotspot for DDoS activity across various sectors [1], including gambling [1], commerce [1], and manufacturing [1]. The Europe [2], Middle East [2], and Africa region accounted for the majority of DDoS events [2], likely due to political motivations [2]. Additionally, the Asia [2], Pacific [2], Japan region experienced a high number of web application and API attacks in the financial services sector [2].
The report also mentions the increase in malicious bot requests and the vulnerability of financial services entities to web skimming attacks [2]. Local File Inclusion vulnerabilities have been identified as the main driver behind the surge in web application and API attacks.
Conclusion
The findings of the report emphasize the need for financial services firms to align their security strategies with emerging laws and regulations. As the highly targeted sector, it is crucial for these firms to stay ahead of both old and new security threats. Mitigating the risks posed by cyber-attacks is essential to protect sensitive financial data and maintain the trust of customers. Looking ahead, it is clear that the financial services sector will continue to face evolving challenges in the realm of cybersecurity.
References
[1] https://www.infosecurity-magazine.com/news/emea-financial-services-attacks/
[2] https://menafn.com/1107151097/Akamai-Research-Finds-65-Increase-In-Web-Application-And-API-Attacks-On-Financial-Services
