The risk of distributed denial-of-service (DDoS) attacks is growing, it seems, by the minute. According to the 2019 Global DDoS Threat Report, the frequency of DDoS attacks worldwide increased by 39% between 2018 and 2019. What’s more, the number of attacks between 100 and 400 Gbps in size — large enough to disable substantial parts of ISP networks — grew by a whopping 776%. The largest number of attacks in 2019 — 24.7% to be precise — targeted vulnerable systems in the US, which is unsurprising given the sheer size of the US internet economy.
While anyone can become the victim of a DDoS attack, financial service providers are at particularly high risk. They certainly have a lot to lose: cyberattacks cost financial institutions an average of $18 million per firm, which is more than any other industry. For that reason, it is crucial for financial tech professionals to stay vigilant and well-informed of the risks involved and protect their systems against potential attacks.
What Is a DDoS Attack?
DDoS attacks flood networks and servers with an overwhelming amount of traffic. As the system is unable to handle so many requests, it crashes and becomes vulnerable to abuse.
There are two main types of DDoS attacks: bombardment and technological infection.
Bombardment, also known as a volumetric attack, is a coordinated attack originating from a large number of devices. The sheer volume of traffic “bombards” the system. Hackers typically target Layer 3 of the OSI reference model (OSI/RM). Such attacks are measured in megabits per second (Mbps) or packets per second (PPS).
Bombardment attacks can be either burst or long-term. Burst attacks are relatively short-lived and often originate from unprotected Internet of Things (IoT) devices, making them more difficult to trace. That allows hackers to generate high volumes of traffic within a minute or even a few seconds. In contrast, long-term attacks can last hours, days, or even weeks.
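As an added illustration (not code from the original article), the following Python computes the two metrics just named, Mbps and PPS, over fixed windows of constructed per-second traffic counts, flags windows above a baseline, and labels short over-threshold runs as bursts and longer ones as sustained attacks. The window size, thresholds and sample data are assumptions chosen for the demo.

```python
from dataclasses import dataclass

WINDOW = 10             # assumed aggregation window in seconds
MBPS_LIMIT = 50.0       # assumed baseline for this link, in megabits/s
PPS_LIMIT = 20_000      # assumed baseline in packets/s

@dataclass
class Sample:
    t: int        # seconds since capture start
    packets: int  # packets seen in that second
    nbytes: int   # bytes seen in that second

def window_rates(samples):
    """Aggregate per-second samples into (window_start, mbps, pps) tuples."""
    buckets = {}
    for s in samples:
        start = (s.t // WINDOW) * WINDOW
        p, b = buckets.get(start, (0, 0))
        buckets[start] = (p + s.packets, b + s.nbytes)
    return [(start, b * 8 / WINDOW / 1e6, p / WINDOW)
            for start, (p, b) in sorted(buckets.items())]

def classify(rates, burst_max_windows=3):
    """Group consecutive over-limit windows; short runs are 'burst', longer 'sustained'."""
    over = [start for start, mbps, pps in rates
            if mbps > MBPS_LIMIT or pps > PPS_LIMIT]
    runs, current = [], []
    for start in over:
        if current and start != current[-1] + WINDOW:
            runs.append(current)
            current = []
        current.append(start)
    if current:
        runs.append(current)
    return [("burst" if len(r) <= burst_max_windows else "sustained",
             r[0], r[-1] + WINDOW) for r in runs]

def demo():
    """Constructed capture: 3 min of baseline traffic, a 10 s burst of small
    packets at t=30 (high PPS) and a 60 s flood of large packets from t=100 (high Mbps)."""
    samples = []
    for t in range(180):
        if 30 <= t < 40:
            samples.append(Sample(t, 50_000, 50_000 * 64))
        elif 100 <= t < 160:
            samples.append(Sample(t, 20_000, 20_000 * 1400))
        else:
            samples.append(Sample(t, 1_000, 1_000 * 500))
    return classify(window_rates(samples))
```

Running demo() returns one burst spanning seconds 30 to 40 and one sustained run from 100 to 160; the baseline seconds (4 Mbps, 1,000 PPS) stay below both limits.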
Technological infection attacks are often referred to as Layer 7 attacks, as they infect applications and manipulate them to do the attacker's bidding. IoT devices such as phones, tablets, baby monitors, and smart household appliances are particularly vulnerable to Layer 7 attacks.
Technological infection can also compromise mission-critical cloud-based service applications on a massive scale. As businesses increasingly move toward microservices and cloud storage, Layer 7 attacks are likely to become even more prevalent.
How Do DDoS Attacks Work?
Hackers often use vast networks of computers called botnets to wage their attacks. Botnets are compromised devices such as IoT appliances, servers, routers, or workstations managed by a central server.
However, a DDoS attack can also be carried out from non-compromised computers that have been misconfigured or tricked into joining a botnet.
In addition to computer networks, attackers increasingly harness the power of machine learning and artificial intelligence (AI). DDoS botnets can use highly complex machine learning methods to locate vulnerable systems. They also make use of AI to avoid detection by reconfiguring themselves and swapping attack strategies.
Hackers also use credential stealing, social engineering, and even physical attacks on servers and computers. That makes DDoS a complex and multidimensional phenomenon that requires several levels of protection.
The Dangers of DDoS: Why Financial Institutions Are Vulnerable
Banks and other financial institutions are especially enticing to cybercriminals, and no wonder — there is a ton of profit to be made there. But what is it that makes financial institutions vulnerable to DDoS attacks in the first place? Here are three major system weaknesses that hackers often exploit.
If a system works well, an IT department may be tempted to reuse it multiple times — especially if it took a lot of time and effort to build it. Service automation and replication may save resources in the short term but create monocultures where dozens and sometimes even hundreds of the same structures exist simultaneously.
Monocultures make ideal targets for DDoS attackers. They only need to identify a single weak point or design a single piece of malware to exploit multiple systems.
Skipping best security practices when building or implementing a new solution — whether it is a software product, a web server, or a cloud service — is a bad idea. Organizations that neglect essential development steps may save time and money in the short term but will pay a high price in the future, hence the term “technical debt.”
A typical example is IoT devices that ship with powerful network connectivity but no password set by default. Hackers can easily recruit such devices into their botnet collectives.
The more complex and interconnected a system is, the more difficult it becomes to monitor, operate, and protect against cyberattacks. However, sophistication is often necessary and even unavoidable, especially in the financial industry.
What Devices and Systems Are Most Vulnerable to DDoS Attacks?
DDoS attackers often target any or all of the following to gain control of a network:
- Social media accounts
- Endpoints connected to a network, such as mobile devices, servers, and workstations
- Operational technology, which is often the target of DDoS attacks when the goal is to compromise infrastructure
- ISP or cloud providers, because they connect to multiple users
The Consequences of DDoS Attacks for Financial Institutions
These are best illustrated by a couple of real-life examples.
In December 2019, US federal prosecutors charged two Russian nationals with what was quite possibly one of the largest cybercrimes in history. Hackers Igor Turashev and Maksim Yakubets waged a DDoS attack on a bank and several other Pennsylvania-based institutions. Prosecutors claim the duo amassed over $3 million and are further responsible for tens of millions of dollars in damages.
More recently, in August 2020, several government agencies, including the FBI, the US Treasury, and US Cyber Command, reported that a North Korean hacker group stole tens of millions of dollars in 2020 alone. Among other things, the attackers hacked ATMs, disrupting cash-withdrawal services for weeks or months on end.
Protecting Financial Institutions Against DDoS Attacks
Unfortunately, it seems that DDoS attacks are here to stay, at least for the foreseeable future. No matter how advanced our security systems become, hackers will always be one step ahead. Therefore, knowing how to protect financial institutions from DDoS attacks and taking out a comprehensive cyber liability insurance cover is critical.
Otherwise, they risk losing a lot more than mere cash. DDoS attacks can bring down banking websites, online services, and ATMs, resulting in reputation damage, a decrease in consumer trust, and even capital risks.