DDoS attacks on financial firms increase during Ukraine war
DDoS attacks made up 25 percent of the cyber incidents submitted to the UK's Financial Conduct Authority in the first half of 2022, compared to just four percent in 2021.
Analysis by attack simulation specialist Picus Security of information obtained from the FCA under a freedom of information request shows the rise also coincides with a reported increase in DDoS for hire websites and ransomware operators using DDoS as a tactic to pressure and extort money from targets.
Picus believes the primary reason for the significant increase in DDoS attacks is UK finance firms being targeted by nation-state attackers and hacktivists during the ongoing Russia-Ukraine conflict. DDoS attacks, including sophisticated 'carpet-bombing', are often used against providers of critical infrastructure to try to disrupt operations and deny access to vital services.
Dr. Suleyman Ozarslan, Picus Security co-founder and VP of Picus Labs, says:
DDoS attacks are a concern for financial institutions, with their ability to disrupt operations and even bring them down entirely. UK financial institutions are in the crossfire of the ongoing war between Russia and Ukraine and have become a direct target for nation-state attackers and hacktivists seeking to disrupt Ukraine’s allies.
While it's encouraging that financial firms reported fewer cyber incidents in the first half of 2022 than they did during the equivalent period in 2021 there is no time for complacency. As threats evolve, financial institutions must continue to proactively harden their defenses. This includes validating that security controls and processes provide protection against the latest risks.
Among other findings, overall incident levels are down, the FCA receiving 55 reports of 'material' cyber incidents in the first half of 2022, down 25 percent from 73 in H1 2021. The number of cyber incidents in H1 2022 involving malware and phishing also decreased by 75 percent and 50 percent respectively, compared to the same period in 2021.
You can find out more on the Picus blog.
Photo Credit: Fabio Berti/Shutterstock