Banks facing increasing denial-of-service attacks

Distributed denial-of-service attacks pose major risks for banks, and preventing them could require significant long-term investment increases, according to a report from the Financial Services Information Sharing and Analysis Center.

Attacks on financial institutions increased 22 percent last year, mainly from threat actors linked to geopolitical conflicts in Russia, China and Iran, according to the report. Distributed denial-of-service attacks use multiple connected online devices to overwhelm a target website with traffic, causing the page to either slow down or be completely disabled. Threat actors that don’t have the skillset to launch DDoS attacks are instead using hackers through an ‘as-a-service’ model, which requires only an internet connection and a dark web browser, according to FS-ISAC. Some providers agree to conduct the attack for the threat actor, while others provide access to an organization that can.

The report comes as cybersecurity remains a top concern for community bankers. More than 60 percent of global financial institutions with at least $5 billion in assets were hit by a variety of cyberattacks in 2022, according to a recent survey from Contrast Security. Attacks have also become more intense in recent years, further testing bank security systems. “Thus far, these high intensity attacks have been minimally successful; however, higher intensity attacks could have impact,” according to FS-ISAC.

“While this increase can largely be attributed to ‘hacktivists,’ another key factor is the evolution of DDoS extortion attacks with financially motivated actors,” the report said. “Finally, DDoS may also serve as a decoy, masking other more serious types of attacks such as malware or even espionage.” 

To prevent cyberattacks, FS-ISAC called on banks to strictly limit access to administrative-level software and devices; require employees to use complex passwords; back up data from devices and apps to a secondary source away from the primary network; and regularly schedule and document software and app security updates and patches.

“One best practice is hosting an alternate site on another ISP or content provider ahead of time, then redirecting traffic there in times of crisis,” the report said. “It can positively impact users’ confidence and help mitigate the reputational damage from the sudden, unexplained unavailability of services.”