Financial services firms are increasingly targeted by DDoS attacks.

2025-06-19

Distributed Denial-of-Service (DDoS) Attacks: A Threat to Financial Institutions

The financial industry has become a prime target for malicious entities looking to disrupt network operations through DDoS attacks. Research by the Financial Services Information Sharing and Analysis Center (FS-ISAC), in collaboration with cybersecurity firm Akamai, highlighted an exponential increase in such attacks from 2014 to 2024. October saw the highest recorded instances, totaling 350 events.

The financial sector faced the most significant number of DDoS attacks during this period, and their frequency continued to rise. These incidents targeted not only websites but also APIs crucial for activities like logins and payments.

APIs: The Infrastructure Backbone

Modern banking relies heavily on APIs as a critical component of its infrastructure. These connections enable seamless interaction between banks and their partners, facilitating services from credit scoring to peer-to-peer transactions. Despite the benefits, rapid API adoption has created a broader attack surface for malicious actors.

While DDoS attacks often pose minimal threats due to robust defenses in financial institutions, the study pointed out that these assaults are becoming more sophisticated. They now involve complex multi-dimensional attacks targeting vulnerabilities across the entire supply chain.

The Evolution of DDoS Attacks

The sophistication of DDoS attacks is growing, moving from basic network flooding to targeted, multifaceted assaults. According to Teresa Walsh, FS-ISAC’s Chief Intelligence Officer and Managing Director for EMEA, These new forms of attack are evolving to exploit intricate vulnerabilities.”

DDoS as a Service

The rise in DDoS usage has made it easier for cybercriminals to outsource their operations. This trend aligns with the broader growth of cybercrime-as-a-service models, where criminals provide illicit services such as malware for financial gain. These services offer enhanced capabilities on a wider scale, posing ongoing challenges for financial institutions.

To combat these threats effectively, financial institutions must continue to innovate and explore new defense strategies, moving beyond traditional approaches to stay ahead of evolving cyber risks.