When the topic turns to cyberattacks on financial institutions, it’s all too easy to think of data breaches and not much else. With data breaches affecting tens of millions of people at once so often in the news, it isn’t surprising that this is where the mind automatically goes. However, it is short-sighted, which is exactly what a certain type of cyberattacker is counting on.
DDoS attacks are designed to disrupt online services, but for industries like finance the consequences can go much deeper than just downtime, and where there are big DDoS consequences, there tends to be a big DDoS bullseye.
Here are five reasons the financial industry is wearing one.
1. Competition is the root of all evil
Sure, the saying is generally that money is the root of all evil, but tomayto, tomahto. Distributed denial of service, or DDoS, attacks, when they succeed, make it impossible for users to access the targeted website or service. In a digital world full of instant gratification, it generally ranks somewhere between frustrating and infuriating to not be able to do the thing you want to do precisely when you want to do it.
Thus, DDoS attacks have become a big underhanded tactic for organizations willing to play dirty with their competition. The frustration a financial institution’s customers feel when they are unable to access the services they’re paying for, especially repeatedly, can easily fuel a loss of loyalty severe enough to prompt customers to switch to institutions who seemingly take security more seriously. Finance is a hugely competitive industry, which leads to it routinely landing either in the top five industries most targeted by DDoS attacks, or just outside of the top five.
2. Data breaches are easier when a security team is distracted
And just like that the topic has turned to financial institutions and data breaches once again. For organizations that don’t have DDoS mitigation as a managed service, mitigation efforts have to be handled by IT and security staff, and because DDoS attacks have the power to wipe out not just internet-facing services but backend systems, dealing with them is an all-hands-on-deck situation.
Like throwing a Molotov cocktail through a front window and sneaking in the backdoor, DDoS attacks serve as a major distraction which attackers often use to steal data, inject malware, or unleash a virus or ransomware. With funds and payment card information potentially ripe for the picking, distraction DDoS attacks are a constant threat for financial institutions.
3. Nation states aren’t just targeting government services
One might assume that the cyber warfare that’s going on between nations consists of state-sponsored groups hacking government services and websites or targeting rival intelligence agencies. While that is surely occurring, many state-sponsored DDoS attacks are taking aim at financial institutions because of the unrest and chaos major disruptions to the financial sector can cause in a nation. For these reasons, Russia has famously targeted Ukraine’s and Estonia’s financial institutions, an Iranian group has taken aim at dozens of banks in the United States, and the Lazarus group out of North Korea has spent years smashing targets all over the world. Beyond potentially causing unrest in an economy, these attacks also serve to educate the attackers on financial institutions’ ability to respond to attacks, information that could ultimately be used to shape larger and even more damaging coordinated attacks.
4. The lulz are still a powerful motivator
It feels strange to go from state-sponsored attacks to bored teenagers, but distributed denial of service attacks are that magical topic that can make it happen. Many DDoS attackers – including infamous groups like Lizard Squad, LulzSec and PoodleCorp – perpetrate a lot of their assaults simply because they enjoy the outcry that follows on social media and in the traditional media, and they like the attention that accompanies it. Industries like financial services, online gaming and cryptocurrency get smashed by attacks that are basically done for fun because users who can’t access these services are (understandably) incensed and take to the internet in droves to complain.
Take for example the nearly week’s worth of attacks that were perpetrated against Dutch banks and the Dutch tax authority in January of this year. The attacks were so devastating to the Dutch financial sector that the world quickly pointed the finger at Russia, assuming they’d taken aim in retaliation for Dutch intelligence informing on Russia’s alleged cyberattacks during the 2016 US election. In actuality the attacks were undertaken by a Dutch teen who, when asked why he’d launched the attacks, told a newspaper that he did it because it was funny, especially when everyone started to panic and blame the Russians, and that the media attention was reason enough to do it. That about sums it up.
The four reasons financial institutions are so severely targeted by distributed denial of service attacks double as reasons financial institutions need top-of-the-line DDoS mitigation: cloud-based for scalability, equipped with granular traffic inspection and scrubbing servers capable of handling 500+ Gbps, and backed by an SLA-guaranteed time to mitigation under 10 seconds to keep an attack from gaining a foothold. Anything less and you’re looking at four reasons customers could be abandoning a financial institution in droves.