of the United Kingdom Financial Conduct Authority (FCA) numbers reveal evidence of a dramatic and ongoing surge Denial of Service Delivered (DDoS) attacks against the financial sector, a quarter of incidents involved DDoS in the first six months of this year, up from 4% in 2021.
The information was released through a Freedom of Information (FOI) request filed by Breach and Attack Simulation (BAS) experts. Picus SecurityThat said, the data may indicate that the financial services industry is being targeted by nation-state attackers and hacktivists linked to Russia’s ongoing war against Ukraine – which has driven similar waves Against operators of Critical National Infrastructure (CNI) and government agencies, particularly in NATO and NATO-affiliated countries in Eastern Europe.
Given the huge influence of British banks and London’s pre-war status as a financing and money laundering center for Russian oligarchs in global affairs, it becomes easy to see why the financial sector might be targeted.
“DDoS attacks are a concern for financial institutions, with the ability to disrupt their operations and even bring them down entirely,” said Suleiman Ozerslan, co-founder of Picus and vice-president of Picus Labs.
“UK financial institutions are in the crossfire of the ongoing war between Russia and Ukraine and have become a direct target of nation-state attackers and hacktivists seeking to disrupt Ukraine’s allies.
That said, the observed increase in DDoS attacks can be seen with DDoS-for-hire websites and ransomware operators using DDoS as an additional tactic to pressure victims to pay.
Many of these DDoS attacks appear to be more sophisticated, carpet-bombing types, a popular approach (especially among nation-state actors). In this type of attack, multiple IP addresses on the target are bombarded at the same time with little traffic per host.
“As a result, they can be extremely difficult to mitigate,” says Ozerslan. “To mitigate risk, businesses need to be able to monitor large traffic volumes over time and respond quickly to anomalies that threaten network availability.”
Picas said that until now, such attacks had mainly targeted Internet Service Providers (ISPs) and CNI operators, but the financial sector was also now clearly a target.
All told, the FCA said it received reports of 55 “material” cyber incidents in the first half of 2022, down 73 to 25% from the same period in 2021 – with around 35, or 64% of these, caused by cyber attacks.
During the same period, it also revealed that the number of cyber incidents involving malware and phishing decreased by 75% and 50% respectively, and the number of incidents involving ransomware was down 63%.
“While it is encouraging that financial institutions reported fewer cyber incidents in the first half of 2022 than in the equivalent period in 2021, there is no time for complacency,” said Ozerslan.
“As threats evolve, financial institutions must proactively harden their defenses. This includes verifying that security controls and processes protect against the latest risks.
The FCA is responsible for regulating over 50,000 financial services firms, all of which must report any material cyber incidents immediately. Such events are defined as one that results in a significant loss of information, or the availability or control of IT systems; affects a large number of victims; or unauthorized access or malicious software appears in its information and communication systems.