Report: DDoS attacks reached record size in ‘23

Distributed denial-of-service attacks reached records in both size and sophistication last year, with the financial sector being the No. 1 target across much of the world, according to cybersecurity firm Akamai

DDoS attacks increased 154 percent on an annualized basis in 2023, according to global cyber intelligence company FS-ISAC. Despite that significant increase, mitigation measures were reportedly successful, and no significant impact was reported. 

DDoS attacks are malicious attempts to throw off the typical traffic of a targeted network, server or service by inundating either the victim or its nearby infrastructure with a flood of internet traffic. The increase in such attacks was linked to the ongoing war between Hamas and Israel as well as announcements from pro-Russia ‘hacktivist’ groups of their plans to launch large coordinated attacks on financial services.

 Last June, pro-Russian ‘hacktivist’ Killnet announced it would conduct major cyber attacks against the Western financial system. Another Russian-linked group, NoName, reportedly undertook daily attacks against critical infrastructure organizations last year. 

According to the report, criminal groups, ransomware attackers and nation-states also rely on such attacks to distract organizational resources while a threat actor undertakes another type of attack. Large-scale attacks cost little to undertake using DDoS-for-hire services and underground markets.  

Akamai recommended banks use their cyber defenses to protect their operations and remain compliant amid evolving regulations. Threat intelligence programs should include geopolitical analyses and considerations, as the financial sector is likely to continue to be targeted in future geopolitical conflicts, the company said. 

“Though DDoS attacks infrequently interrupt internal operations or extract data from mature financial services organizations, they can have an outsized impact on customer confidence,” according to the report. “When a website is unavailable — even for seconds — customers can infer that the entire organization is compromised, which damages the firm’s reputation.”