Why should banks be concerned with DDoS attacks?

Distributed Denial of Service (DDoS) attacks first appeared on the radars of security experts around 1999, when a wave of cyberattacks brought down countless websites, including resources of major corporations, such as CNN, eBay, Amazon, and E-Trade.

Many years later, DDoS attacks have not lost their relevance; on the contrary, they are growing more and more destructive. Financial institutions are increasingly becoming the targets of malicious actors, and the financial and commercial losses inflicted by DDoS (lost revenue, customer churn, and hits to reputation) far exceed operating losses.

Research by Boston Consulting Group suggests that companies in the financial market are 300 times more likely to be targeted by DDoS than companies operating in other industries.

DDoS, then, is a real and pressing threat for banks. But why are DDoS attacks so much more prevalent in this industry?

Why do DDoS attackers target banks?

With an average attack costing banks up to 1.8 million US dollars, it’s easy to see why so many DDoS actors like to operate in the financial market. When a bank’s network is flooded, the attack can potentially disable a wide range of resources, including online portals, payment networks, and more.

Some threat actors launch attacks to demand ransom. Others use DDoS as a smokescreen to distract security teams and attempt to steal personal data and banking credentials. Stolen information enables hackers to open fake accounts or even access private funds.

Whatever the reason, a successful exploit carries a tremendous hit to the reputation of the financial institution in question, with their infrastructure fully paralyzed and clients left without access to their money for prolonged periods.

Realizing this, some hackers target banks purely because they understand the importance of this online infrastructure, making cyber-vandalism of this level that much more satisfying.

Amplification attacks and botnets

Since the first half of 2010, amplification has been one of the most widely used types of DDoS attack. An amplification attack starts with a request sent to a server that contains a vulnerability. The server then replicates that request and forwards it to the victim’s address. Launching an amplification attack costs far less than the victim company must spend to mitigate it, unless the company uses an online security provider.

Aging amplification attacks are still common. Notably, a series of DDoS campaigns using this technique based on the Memcache protocol swept across Europe in 2018. More recently, the FBI issued a warning against destructive amplification attacks in July 2020.
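From the victim's side, an amplification flood shows up as large volumes of UDP traffic arriving from many abused servers that the victim never queried. The sketch below is an added example, not part of the original article: it flags that pattern in flow records. The record layout, the port list, the thresholds and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: UDP source ports of services commonly abused as reflectors.
REFLECTOR_PORTS = {11211: "memcached", 53: "dns", 123: "ntp"}

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
FLOWS = [
    ("198.51.100.7", 11211, "203.0.113.10", 40112, "udp", 1_400_000),
    ("198.51.100.8", 11211, "203.0.113.10", 51873, "udp", 1_250_000),
    ("198.51.100.9", 11211, "203.0.113.10", 33490, "udp", 1_310_000),
    ("203.0.113.10", 53011, "192.0.2.53", 53, "udp", 80),       # our DNS query
    ("192.0.2.53", 53, "203.0.113.10", 53011, "udp", 310),      # its answer
    ("192.0.2.80", 443, "203.0.113.10", 50222, "tcp", 90_000),  # normal HTTPS
]

def find_reflection(flows, protected, min_bytes=1_000_000, min_sources=3):
    """Return {(victim_ip, service): (source_count, total_bytes)} for
    unsolicited UDP traffic from reflector ports that exceeds the thresholds."""
    # Requests our own hosts really sent: (our_ip, our_port, remote_ip, remote_port)
    solicited = {(s, sp, d, dp) for s, sp, d, dp, proto, _ in flows
                 if proto == "udp" and s in protected}
    stats = defaultdict(lambda: [set(), 0])
    for s, sp, d, dp, proto, nbytes in flows:
        if proto != "udp" or d not in protected or sp not in REFLECTOR_PORTS:
            continue
        if (d, dp, s, sp) in solicited:
            continue  # reply to a request we made, not reflection
        entry = stats[(d, REFLECTOR_PORTS[sp])]
        entry[0].add(s)      # distinct reflector addresses
        entry[1] += nbytes   # total unsolicited volume
    return {key: (len(srcs), total) for key, (srcs, total) in stats.items()
            if len(srcs) >= min_sources and total >= min_bytes}

if __name__ == "__main__":
    hits = find_reflection(FLOWS, {"203.0.113.10"})
    for (victim, service), (count, total) in hits.items():
        print(f"{victim}: unsolicited {service} traffic from {count} sources, {total} bytes")
```

A finding like this is a signal to divert the affected address to upstream filtering, since the volume has already crossed the victim's own link by the time it is visible in local flow data.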

Botnets are another popular technique used by DDoS threat actors. It involves creating a network of infected devices, usually consisting of Android-based mobile gadgets and IoT devices, such as routers and security cameras, and programming them to generate garbage requests to a targeted server.

Botnets have been used in some of the most destructive DDoS campaigns in history, such as the series of attacks carried out by the Mirai botnet. Among its victims were some of the leading banks of Holland, including ING, ABN Amro, and Rabobank.

Staying safe from DDoS

Regardless of attack type, the recommendations for setting up protection against DDoS are universal.

The constantly evolving toolbox enables threat actors to launch DDoS attacks that can easily exhaust the entire network capacity of the victim. Even specialized devices installed in datacenters sometimes prove ineffective.

Operator solutions are not a cure-all either. Provider networks are not designed for extreme loads and often cannot neutralize high-speed attacks, some of which reach the 1.7 terabits per second level.

The industry, then, is transitioning from operator and on-site solutions to geo-distributed services specializing in DDoS mitigation, since a distributed threat can be effectively counteracted only by an equally distributed network.

The best modern protection, then, is provided by specialized DDoS protection services that own scrubbing centers in multiple geographical zones and specifically near the physical location of the client’s servers.

Broad geographic coverage enables such companies to route and filter malicious traffic on-site, taking the load off the victim’s network itself.


The modern financial sector is on the very front of the DDoS war. There are hardly any banks that haven’t yet experienced a denial of service attack at least once. The question then is not whether a company will get attacked, but rather, when will it happen?

Therefore, it is imperative to change our approach to security and incorporate DDoS resistance in the very design of IT infrastructure. Whichever method of protection a financial company chooses, the main thing is to be prepared for attacks in advance.

Ramil Khantimirov
CEO and co-founder
