The UK’s Financial Conduct Authority (FCA) has revealed evidence of a dramatic and ongoing increase in the number of distributed denial-of-service (DDoS) attacks against the financial sector, with a quarter of those notified in the first six months of this year . DDoS, compared to 4% in 2021.
The data was disclosed through a Freedom of Information (FOI) request filed by Breach and Attack Simulation (BAS) specialist Picus Security, which said the data could indicate that the financial services industry could be vulnerable to nation-state attackers and Russia. Ongoing hacktivists are being targeted. The War on Ukraine – which has prompted similar surges against operators of critical national infrastructure (CNIs) and government bodies, particularly in NATO and NATO-aligned countries in Eastern Europe.
Given the heavy influence of British banks and financing in global affairs, and London’s pre-war status as a money-laundering center for Russian oligarchs, it becomes easy to see why the financial sector may be targeted. .
Suleiman Ozerslan, co-founder of Pickus and vice president of Pickus Labs, said, “DDoS attacks are a concern for financial institutions, with the potential to disrupt their operations and even bring them down completely. “
“Britain’s financial institutions are in the crossfire of the ongoing war between Russia and Ukraine and have become a direct target for nation-state raiders and hacktivists trying to disrupt Ukraine’s allies.
That said, the observed increase in DDoS attacks coincides with the increase seen in DDoS-for-hire websites, and ransomware operators have used DDoS as an additional tactic to pressure victims to pay. .
Many of these DDoS attacks also appear to be of the more sophisticated, carpet-bombing type, a popular method (especially among nation-state actors). In such attacks, more than one IP address on the target is bombed at the same time, with a small amount of traffic per host.
“As a result, reducing them can be extremely difficult,” Ozerslan said. “To mitigate risks, businesses need to be able to investigate large traffic volumes over time and respond rapidly to anomalies that threaten network availability.”
Pickus said that until now, such attacks have mainly targeted Internet Service Providers (ISPs) and CNI operators, but now the finance sector was clearly a target as well.
All told, the FCA said it received 55 reports of “physical” cyber incidents in the first half of 2022, a decrease of 73 to 25% compared to the same period in 21 – about 35 of these, or 64% of these, Because of cyber attacks.
Over the same period, it was also discovered that the number of cyber incidents involving malware and phishing was 75% and 50% lower, respectively, and the number of incidents involving ransomware was down 63%.
“While it is encouraging that financial firms reported fewer cyber incidents in the first half of 2022 than they did during the same period in 2021, there is no time for complacency,” Ozerslan said.
“As threats develop, financial institutions should continue to tighten their defenses. This includes verifying that security controls and procedures provide protection against the latest risks.”
The FCA is responsible for regulating more than 50,000 financial services firms, all of which must promptly report any physical cyber incidents. Such events are defined as one that results in a significant loss of data, or the availability or control of an IT system; Affects a large number of victims; or as the result of unauthorized access to its information and communication systems or by malicious software.
