Financial services has surpassed gaming as the top vertical for DDoS attacks

CAMBRIDGE, Mass., Sept. 27, 2023 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today released a new State of the Internet report that explores existing and emerging cyberattacks against the financial services industry. The new report, The High Stakes of Innovation: Attack Trends in Financial Services, includes regional data as well as a look into what is driving the increased number of attacks against the sector.

The report notes that application and API attacks in the financial services vertical grew by 65% when comparing Q2 2022 with Q2 2023. This amounts to more than 9 billion attacks over a period of 18 months. The attacks were driven in part by cybercriminal groups conducting zero-day and one-day vulnerability abuse as pathways for initial intrusion. The High Stakes of Innovation: Attack Trends in Financial Services report shows that financial services has surpassed gaming as the top vertical for DDoS attacks. This is due to Layer 3 and Layer 4 DDoS attacks caused by the dramatic surge in the power of virtual machine botnets and hacktivism motivated by the Russia-Ukraine conflict.

The High Stakes of Innovation: Attack Trends in Financial Services features commentary and recommendations from Teresa Walsh, Global Head of Intelligence for the Financial Services Information Sharing and Analysis Center (FS-ISAC). She writes, "One of the key threat vectors facing the global financial sector is supply chain risk. As shown by Akamai's research, the significant increase in attacks and vulnerabilities through third-party APIs and scripts requires firms to take an increasingly active approach to hardening systems and third-party risk management more broadly."

Other key findings of the report include:

The Europe , Middle East , and Africa region accounts for 63.5% of DDoS events. The number of attacks against this region nearly doubled the number for the next top region. This is likely due to political motivations of attack groups against European banks.

, , and region accounts for 63.5% of DDoS events. The number of attacks against this region nearly doubled the number for the next top region. This is likely due to political motivations of attack groups against European banks. Financial services remains the most targeted web attack vertical in the Asia, Pacific , Japan (APJ) region, which experienced nearly 50% of all web application and API attacks during the reporting period.

, (APJ) region, which experienced nearly 50% of all web application and API attacks during the reporting period. The rapidly climbing number of malicious bot requests (1.1 trillion), which increased by 69%, exemplifies the continued assault against customers and their data through attacks like account takeover and the risks posed by financial aggregators.

Although the financial services vertical has fewer third-party scripts than other industries, at 30%, they are prone to attacks like web skimming. However, financial services entities are proactively fighting back with the adoption of solutions to comply with the new requirements of PCI DSS 4.0.

Local File Inclusion (LFI) vulnerabilities are driving the surge in web application and API attacks with 53% growth in the last year. LFI has consistently remained the top web attack vector.

"Financial services is heavily targeted by attackers with both old and new security threats," said Steve Winterfeld, Advisory CISO at Akamai. "The High Stakes of Innovation: Attack Trends in Financial Services evaluates Akamai's massive volume of threat traffic to provide insights and analysis that will help this sector defend critical data and improve security for customers."

