The number of distributed denial-of-service attacks (DDoS) aimed at U.S. financial firms shot up 22% year-over-year as of November, according to a Financial Services Information Sharing and Analysis Center (FS-ISAC) report first provided to Bloomberg. In Europe, attacks increased 73%.
Here’s how such activities work: Attackers amass a host of connected devices, called a botnet, and direct Internet traffic at a website to disrupt it or shut it down. Cybersecurity products can interrupt most incidents, but the attacks have gotten easier for non-technical perpetrators to carry out, according to cybersecurity experts.
In 2022, for example, DDoS attacks were used to target players who took sides in the war in Ukraine and other geopolitical hotspots, including China and Taiwan, the report said. A group called Killnet, which is aligned with Russian interests, has attacked the websites of businesses, governments, and airports.
In early February, Killnet claimed credit for a DDoS campaign in Germany that targeted airport websites, the financial sector, and federal and state authorities. The January attack was subdued, for the most part, and didn’t lead to serious consequences, the German Federal Office for Information Security said in a statement.
“DDoS is a favorite tool of hacktivist groups because unlike other forms of cyberattacks, you kind of know when it’s worked,” Boaz Gelbord, Chief Security Officer at Akamai Technologies Inc., which worked with FS-ISAC to compile the report, said in an interview. “When services that are commonly used by the public are unavailable, that causes a big splash.”
Attackers are also using DDoS to extort companies and organizations. In 2020, the New Zealand Stock Exchange and about 100 other companies were targeted.
Also, anyone with an internet connection and a dark web browser can buy DDoS attacks online, according to the report. The DDoS-for-hire model is deployed by some ransomware groups that sell their malware to “affiliates” who then conduct the attacks.
The ever-increasing number of Internet-connected devices has contributed to the rise in attacks, since they provide a large collection of poorly-secured products that can serve as botnets. Some have become so powerful, the report says, that they can overwhelm mitigation measures.