Distributed denial-of-service (DDoS) attacks are becoming increasingly common across the financial services industry. In a DDoS attack, a target is flooded with traffic from many sources, typically at the network, transport, or application layer, until its bandwidth or server resources are exhausted and legitimate users are slowed down or locked out entirely. Traditionally, DDoS attacks have been associated with hacktivists or nation-state-backed actors who use them for political ends. However, as organizations become more reliant on the internet and web-based transactions, these attacks have evolved into a way to target businesses, especially those in finance, for profit. In fact, data shows that DDoS attacks are the most common type of cyberattack used against financial services firms, making up 32 percent of analyzed attacks.
Consequences of DDoS
Regardless of how they are carried out, DDoS attacks result in downtime. This is especially impactful as organizations undergo digital transformation and move core business capabilities online to meet consumer demand. Estimates put the cost of DDoS-induced downtime for financial institutions at up to $100,000 per hour. Beyond downtime, DDoS attacks are also used for extortion: cybercriminals have been known to threaten businesses with an attack unless a fee is paid. DDoS attacks are also commonly used as a distraction, tying up IT and security staff while attackers install malware or other malicious programs that assist in exfiltrating data. With consumer data, the bottom line, and business reputation at stake, banks stand to lose a great deal in the event of a DDoS attack, particularly as attacks are expected to grow in frequency and size in the coming years.
Larger, More Frequent Attacks on the Horizon
In past years, large DDoS attacks against financial institutions peaked at roughly 200 to 300 gigabits per second. In 2016, however, DDoS attacks reached one terabit per second. Deloitte predicts that these larger attacks will continue at greater scale, with at least one attack per month reaching the one-terabit mark, and an expected 10 million DDoS attacks over the course of 2017.
Factors Enabling DDoS
This growth in DDoS attacks is largely attributed to the increased number of IoT devices being deployed, along with the ease with which DDoS capabilities can be obtained.
- IoT Devices: The number of connected devices is rapidly increasing across the financial sector, and while they offer many conveniences and benefits to consumers, many of them are poorly secured. Waves of vulnerable IoT devices are being infected with malware and turned into bots. These devices are then networked into a botnet, which may span hundreds of thousands of infected devices. Such botnets are used to flood networks with malicious traffic, producing high-volume DDoS attacks that can take an entire site offline.
- Accessibility: At the same time, it has become increasingly simple to purchase malware, malware as a service, DDoS as a service, and more on the dark web. This means that even people without coding skills can launch sophisticated, effective attacks that leverage large botnets.
Types of DDoS Attacks
As financial services institutions seek to mitigate these growing threats, they must be aware of the most common types of DDoS attacks: those that occur at the network, transport, and application layers. Volumetric attacks inundate the target with traffic from many devices and computers, exhausting the available bandwidth. Among the most common volumetric techniques is DNS amplification, in which the attacker sends small DNS queries to open resolvers with the source address spoofed to that of the victim, so that the much larger responses are delivered to the target rather than back to the attacker.
Next, protocol attacks exploit weaknesses in the third (network) and fourth (transport) layers, for example a SYN flood that fills a server's connection table with half-open connections. These attacks allow the attacker to deny access to a targeted server, website, or other service.
Finally, application layer attacks target applications with requests that appear to come from legitimate users until the application is knocked offline by the volume of requests. Because each individual request looks valid, these attacks are considered the most difficult for security teams to detect and mitigate.
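To make the volumetric and application-layer patterns above concrete, here is an added example (not code from the original page, and not from any vendor product) of two simple detectors run over constructed sample data. The first looks for DNS amplification traffic by flagging DNS responses that arrive at a host which sent no matching query; the second looks for a layer-7 flood by tracking each client's request rate in a sliding window. All IP addresses, log lines, flow records, and thresholds are invented for the illustration.

```python
"""Added example: detectors for DNS reflection/amplification (volumetric)
and per-client request floods (application layer).  Not code from the
page or any product; all sample data below is constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime

# --- Volumetric: DNS amplification / reflection -------------------------
# Constructed flow records: (time_s, proto, src_ip, src_port, dst_ip, dst_port, bytes).
# 203.0.113.10 sends one real query and receives its answer; it then
# receives large DNS responses from four resolvers it never queried,
# because the attacker spoofed its address as the source of the queries.
FLOWS = [
    (0.0, "udp", "203.0.113.10", 40001, "198.51.100.53", 53, 64),
    (0.1, "udp", "198.51.100.53", 53, "203.0.113.10", 40001, 512),
    (1.0, "udp", "192.0.2.11", 53, "203.0.113.10", 33000, 3200),
    (1.0, "udp", "192.0.2.12", 53, "203.0.113.10", 33000, 3100),
    (1.1, "udp", "192.0.2.13", 53, "203.0.113.10", 33000, 3300),
    (1.2, "udp", "192.0.2.14", 53, "203.0.113.10", 33000, 3050),
]

def find_unsolicited_dns_responses(flows, window_s=5.0):
    """Return {victim_ip: (bytes_received, distinct_resolvers)} for hosts
    that received UDP/53 responses with no preceding query from the same
    host and port to that resolver within window_s seconds."""
    outstanding = {}                        # (client, port, resolver) -> query time
    hits = defaultdict(lambda: [0, set()])
    for t, proto, sip, sport, dip, dport, nbytes in sorted(flows):
        if proto != "udp":
            continue
        if dport == 53:                     # outbound query: remember it
            outstanding[(sip, sport, dip)] = t
        elif sport == 53:                   # inbound response: match it
            sent_at = outstanding.pop((dip, dport, sip), None)
            if sent_at is None or t - sent_at > window_s:
                hits[dip][0] += nbytes
                hits[dip][1].add(sip)
    return {victim: (total, len(srcs)) for victim, (total, srcs) in hits.items()}

# --- Application layer: per-client request-rate flood -------------------
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+)$')

def _clf(ip, second, path):
    """Build one constructed Common Log Format line for the sample log."""
    return f'{ip} - - [10/Oct/2017:13:55:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'

# 25 hits on /login from one address within a single second (constructed
# flood), plus a handful of ordinary requests from another client.
ACCESS_LOG = [_clf("203.0.113.5", 36, "/login") for _ in range(25)] + \
             [_clf("198.51.100.7", 36 + i // 2, "/") for i in range(6)]

def parse_clf(line):
    """Parse a Common Log Format line into (ip, datetime, request) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, req, _status, _size = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), req

def clients_over_rate(lines, window_s=1.0, max_requests=20):
    """Return {client_ip: peak_requests_in_window} for clients that exceed
    max_requests within any sliding window of window_s seconds."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        parsed = parse_clf(line)
        if parsed is None:
            continue
        ip, ts, _req = parsed
        t = ts.timestamp()
        q = recent[ip]
        q.append(t)
        while q and t - q[0] > window_s:    # drop timestamps outside the window
            q.popleft()
        if len(q) > max_requests:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

if __name__ == "__main__":
    print("unsolicited DNS responses:", find_unsolicited_dns_responses(FLOWS))
    print("clients over rate:", clients_over_rate(ACCESS_LOG))
```

Two caveats a practitioner would keep in mind: the reflection check only works at a vantage point that sees both directions of the victim's traffic (a border router or flow collector, not the victim's own NIC during an attack), and a per-IP request threshold will mis-fire on many legitimate users sharing one address behind a NAT or proxy, which is exactly why production application-layer defenses profile per URL and per session rather than per source address alone.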
Securing Against DDoS Attacks
To mitigate the risk that DDoS attacks pose, financial services companies must employ a robust DDoS defense that protects against each of these attack vectors.
FortiDDoS defends organizations against bulk volumetric attacks, layer 7 application attacks, SSL-based attacks, DNS-based attacks, and IoT botnet attacks using behavior-based analysis rather than a signature-based approach. It does this by building an adaptive baseline of normal network activity from hundreds of thousands of parameters, then monitoring for deviations from that baseline. FortiDDoS also includes comprehensive reporting that lets IT teams monitor top attackers, top attacked IP addresses, top attacked protocols, and more.
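The following added example illustrates the adaptive-baseline idea behind behavior-based detection in its simplest form. It is not FortiDDoS code and it tracks a single parameter (packets per second) rather than the hundreds of thousands a product would; the smoothing factor, the z-score threshold, the warm-up length, and the sample series are all constructed for the illustration.

```python
"""Added example: a minimal adaptive-baseline anomaly detector, in the spirit
of the behavior-based approach described above.  Not FortiDDoS code; the
parameters and sample series are constructed for the illustration."""
import math

def adaptive_baseline_alerts(series, alpha=0.1, z_threshold=4.0, warmup=10):
    """Walk a per-second counter series keeping an exponentially weighted
    mean and variance.  Return the indices whose value lies more than
    z_threshold standard deviations above the learned mean.  Samples judged
    anomalous are NOT folded into the baseline, so a sustained flood does
    not teach the detector that the flood is the new normal."""
    mean = var = None
    alerts = []
    for i, x in enumerate(series):
        if mean is None:                     # first sample seeds the baseline
            mean, var = float(x), 0.0
            continue
        std = math.sqrt(var)
        z = (x - mean) / std if std > 0 else 0.0
        if i >= warmup and std > 0 and z > z_threshold:
            alerts.append(i)
            continue
        # Incremental EWMA update of mean and variance with the new sample.
        delta = x - mean
        mean += alpha * delta
        var = (1 - alpha) * (var + alpha * delta * delta)
    return alerts

# Constructed sample: 60 s of traffic oscillating around 1000 pps, followed
# by 20 s of a flood at 50 000 pps.
NORMAL = [1000 + 10 * ((i % 3) - 1) for i in range(60)]
FLOOD = [50_000] * 20
SAMPLE_SERIES = NORMAL + FLOOD

# Constructed slow growth (+5 pps per second): legitimate business growth the
# adaptive baseline should absorb without alerting.
RAMP = [1000 + 5 * i + 10 * ((i % 3) - 1) for i in range(60)]

if __name__ == "__main__":
    print("flood alerts at seconds:", adaptive_baseline_alerts(SAMPLE_SERIES))
    print("ramp alerts:", adaptive_baseline_alerts(RAMP))
```

The ramp case shows the trade-off in any adaptive scheme: because the baseline follows gradual change, an attacker who increases traffic slowly enough can walk the baseline upward before the real flood starts. Real products counter this with many parameters profiled in parallel (rates per protocol, per port, per source, per URL), hard ceilings in addition to the learned thresholds, and a baseline that is learned during known-clean periods rather than continuously.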