DDoS attacks on the financial sector, especially in Asia-Pacific, are rising sharply. Banks are the primary targets, with attacks increasing by 154% from 2022 to 2023. Hacktivism and cheap, powerful botnets drive these attacks, posing significant risks to system stability and trust.
The escalating menace of Distributed Denial-of-Service (DDoS) attacks has put the financial sector squarely in the crosshairs of cybercriminals.
Highlighted in the FS-ISAC and Akamai Technologies' report "DDoS: Here to Stay," this worrying trend shows no sign of abating, particularly in the Asia-Pacific region where the financial industry is now the third most targeted for cyberattacks, trailing only behind commerce and gaming.
This designation underscores the broad and increasing risk of cyber threats faced by the sector.
A notable uptick in such cyberattacks, chiefly orchestrated by hacktivists and targeting entities in geopolitically sensitive areas, aims to disrupt the essential online services of these institutions.
The reliance on uninterrupted online presence makes these disruptions more than just inconvenient; they pose a significant threat to the stability and trust in financial systems.
Teresa Walsh, the global head of intelligence at the Financial Services Information Sharing and Analysis Center, underscores the gravity of these threats, noting,
"Even just being offline for a minute can cause huge reputational risks."
This statement highlights the high stakes involved in maintaining continuous online service availability.
In a closer look at the Asia-Pacific region, the report reveals that 11% of DDoS attacks were directed at financial services, with banks suffering the majority of these attacks (91%), a figure that significantly outstrips the global average.
From 2022 to 2023, there was a stark 154% rise in DDoS attacks against the sector, with financial services accounting for 35% of all such attacks globally, thereby eclipsing the gaming industry as the most frequently targeted.
This increase in attacks is linked to the proliferation of more powerful botnets and a surge in hacktivism, often propelled by geopolitical strife.
The report stresses the critical need for robust cybersecurity measures to counteract these threats, particularly those launched via cost-effective DDoS-for-hire services found on the dark web.
Moreover, the report documents a notable rise in both the frequency and intensity of DDoS attacks over 2023, with high-profile banking institutions and those with significant brand recognition being particularly vulnerable.
Despite likely having more sophisticated defence mechanisms, the potential for operational disruption, eroding customer trust, and financial losses remains a significant concern.
Experts from FS-ISAC and Akamai provide insights into the shifting dynamics of DDoS threats.
The document highlights some of the most noteworthy security incidents of 2023, including the largest DDoS attacks that Akamai has encountered across the U.S., Europe, and the APAC region. In a standout moment, Akamai successfully neutralised an unprecedented attack in the APAC area, leveraging the expertise of over 225 front-line responders, a targeted defence capability platform, and advanced DDoS mitigation tactics.
Despite the attack's intensity, peaking at 900.1 Gbps and 158.2 Mbps, it resulted in no collateral damage.
In alignment with Akamai's latest State of the Internet (SOTI) reports for the financial services and commerce sectors, the financial industry continues to be the most targeted sector for web application and API attacks in the APJ region, with commerce following closely behind.
Since the June 2023 analysis, the financial sector has seen attacks surge to over 4.5 billion—a significant rise from 3.7 billion, marking an 18% increase.
Furthermore, since our March 2023 assessment, the commerce sector has witnessed attacks escalate from 1.2 billion to 1.9 billion, indicating a substantial 58% increase. The distribution of attacks within sub-verticals has stayed fairly stable (Figure 1).
Steve Winterfeld, Advisory CISO at Akamai, further explains,
"DDoS attackers use a variety of techniques to annoy, harass, and extort companies. These attacks cost little to launch and can do serious damage to a company’s brand."
This collaborative effort highlights the urgent need for the financial sector to prioritise cybersecurity, enhance defences, and comply with evolving regulations to fend off the persistent threat posed by DDoS attacks.
Papua New Guinea’s Finance Ministry suffered a crippling cyberattack, halting payments and exposing security gaps. Cyber experts warned PNG’s limited IT resources could prolong recovery. The attack raises concerns over data exposure, and the broader cyber threats facing Pacific nations.
In 2024, deepfakes became a major threat, causing market disruptions and privacy concerns. The rapid growth of AI technology has made digital deception easier, stressing the urgent need for enhanced verification systems to protect against misinformation and cyberattacks.
As 2025 begins, 2024’s AI breakthroughs stand out, but so do the cyber threats that accompanied them. From AI-powered phishing to deepfakes and cloud breaches, the year highlighted the delicate balance between innovation and security risks.
2024 saw hackers unleashing AI-powered phishing and deepfake scams, leaving agencies scrambling. From deepfake fraud to open-source malware, cybercrime surged. But as we head into 2025, there’s hope—smarter defenses and a chance to outsmart evolving threats. Stay cautious and prepared!
