A report from the Financial Services Information Sharing and Analysis Center (FS-ISAC) and cybersecurity company Akamai Technologies Inc. shows that financial institutions in the Asia Pacific (APAC) region experienced the highest number of distributed denial-of-service (DDoS) attacks in 2024. The region accounted for 38% of all volumetric DDoS attacks worldwide, a significant jump from 11% in 2023.
Titled “From Nuisance to Strategic Threat: DDoS Attacks Against the Financial Sector,” the report describes how DDoS attacks have evolved into a serious threat to operations, customer trust, and profitability. Akamai’s findings show that more than 20 financial institutions in six APAC countries were affected in 2024, with many of the attacks likely carried out by a single hacker group. These incidents reflect how cybercriminals are becoming more skilled and organized.
“As threat tactics continue to evolve, we must ensure our technical defences evolve and our people, tools, and processes work seamlessly together,” said Teresa Walsh, chief intelligence officer and managing director, EMEA at FS-ISAC. “It is critical that we harden our infrastructure and foster a culture of continuous vigilance and collaboration to protect continuity and customer trust.”
The financial sector remained the most common target for volumetric DDoS attacks, with activity peaking in October 2024. Cybercriminals are taking advantage of high bandwidths and better computing resources to carry out stronger, faster, and more frequent attacks.
The report also points to a 23% increase in DDoS attacks at the application layer between 2023 and 2024. These often targeted APIs and customer-facing websites, requiring knowledge of detailed technical weaknesses within a company’s system. This trend suggests that attackers are gaining deeper insight into how financial systems operate.
DDOS for hire
Another concern is the growing use of DDoS-for-Hire services. These allow attackers to carry out operations without revealing their identity, making it harder for institutions to determine the motive and respond effectively.
Geopolitical conflicts have also played a role, according to the report. Tensions related to the Hamas-Israel and Russia-Ukraine wars have led to more politically motivated cyberattacks, further increasing pressure on financial institutions to strengthen their defences.
“These attacks strive to exhaust an institution’s network infrastructure and, in turn, drain the resources used to defend against them,” said Steve Winterfeld, advisory CISO of Akamai. “The implementation of mitigation strategies, robust cyber hygiene fundamentals, and industry best practices can help the sector defend against the evolving risk.”
To help institutions assess their ability to respond to such threats, FS-ISAC and Akamai introduced a five-level DDoS Maturity Model. It outlines risk factors, current defence strategies, and potential improvements for institutions at various stages of cybersecurity readiness. The model aims to support better planning, investment, and response strategies in the face of changing threats.
The findings reflect how financial institutions, especially in APAC, are facing a more complex and aggressive cybersecurity environment that calls for stronger collaboration and improved defence systems.
Get the latest before it trends. Follow Back End News on LinkedIn, Facebook, X, YouTube, and TikTok for updates and in-depth coverage across the tech and security landscape.