The Akamai report further found that financial services industry was the third-most targeted industry in DDoS attacks during the reporting period. The number of organizations attacked, financial services ranks first. More than 40% of all organizations targeted by DDoS attacks fell within the financial services industry. In other words, attacks against gaming and high tech targets were focused on a few organizations, while DDoS attacks against the financial services industry were spread across a larger number of organizations.
DDoS attacks are not only an effective means of getting the victim’s attention, but they can also obfuscate other types of attacks, including SQLi and LFI
The median packet per second (pps) has remained consistent over the past 24 months. The peak pps for attacks against financial services was consistently higher when compared with attacks across all verticals. Pps is an important measure of attack traffic when DDoS is targeting application or network vulnerabilities. Given the smaller data set of financial services customers, the median is more heavily influenced by individual attacks than the overall measurement of pps.
On April 25, 2019, an incident reaching 113 million pps and 39 gigabits per second (Gbps) targeted an online bank and credit card issuer, making it the largest attack by pps across all verticals for the year. While the packet count for this attack was extremely high, individual packets were relatively small, limiting the volume of traffic created.
On April 22, 2019, a DDoS attack against a wellknown and established bank used six different attack types, including SYN and UDP flooding, UDP fragmentation, RESET floods, Netbios floods, and CLDAP reflection. The attack reached a peak of 160 Gbps and 32 million pps. It is common for a single attack to use multiple attack types, with reflectors like CLDAP being responsible for amplifying the attacker’s traffic.
(Image Courtesy: www.techworld.com)