The financial sector was the industry most targeted by distributed denial-of-service (DDoS) attacks in 2024, with a peak in October
Analysis Summary
# Incident Report: Surge and Escalation of DDoS Attacks Against the Financial Sector (2014-2024)
## Executive Summary
Between 2014 and 2024, Distributed Denial of Service (DDoS) attacks against the financial sector increased almost exponentially in scale and sophistication, evolving from a "nuisance" to a "strategic threat." By October 2024, the volume peaked at nearly 350 distinct volumetric DDoS events monthly, significantly outpacing other targeted sectors. This report synthesizes the trend data that highlights the sector's sustained status as the top target for these disruptive attacks.
## Incident Details
- **Discovery Date:** June 10, 2025 (Date of FS-ISAC/Akamai report publication)
- **Incident Period:** Trend analysis covering 2014 to October 2024
- **Affected Organization:** The Global Financial Services Sector
- **Sector:** Financial Services
- **Geography:** Global (Implied by the scope of FS-ISAC reporting)
## Timeline of Events
### Initial Access
- **Date/Time:** Gradual escalation noted from 2014 to 2024. Peak activity referenced in October 2024.
- **Vector:** Volumetric Distributed Denial of Service (DDoS) attacks.
- **Details:** Attacks involved sending hundreds, millions, or billions of individual malicious requests against financial service targets.
### Lateral Movement
N/A for this generalized report on volumetric DDoS trends.
### Data Exfiltration/Impact
- **Impact:** Operational disruption from service unavailability, as indicated by high traffic volumes.
### Detection & Response
- **How it was discovered:** Continuous monitoring and aggregation of threat intelligence by FS-ISAC and Akamai.
- **Response actions taken:** Threat intelligence sharing via the FS-ISAC report to advise member organizations of the deteriorating threat landscape.
## Attack Methodology
- **Initial Access:** Volumetric DDoS over the internet targeting public-facing services.
- **Persistence:** Not applicable (DDoS attacks are typically short-lived events, not designed for long-term persistence).
- **Privilege Escalation:** Not applicable.
- **Defense Evasion:** The sophistication implies attackers are utilizing advanced botnets or attack methods to overwhelm existing volumetric defenses.
- **Credential Access:** Not applicable.
- **Discovery:** Not applicable.
- **Lateral Movement:** Not applicable.
- **Collection:** Not applicable.
- **Exfiltration:** Not applicable.
- **Impact:** Denial of service resulting in operational impairment.
## Impact Assessment
- **Financial:** Implied significant business costs due to service outages and required scaling of defensive infrastructure.
- **Data Breach:** No data exfiltration specifically mentioned; the impact is purely availability/disruption.
- **Operational:** Severe disruption to critical financial services indicated by the scale of the attacks.
- **Reputational:** Implied negative impact on customer trust due to service unavailability.
## Indicators of Compromise
*Note: As this is a trend report, specific IoCs are generalized based on attack type.*
- **Network indicators:** High volume, burst traffic targeting external IP ranges of financial entities.
- **File indicators:** Not applicable (Application/Network Layer attacks).
- **Behavioral indicators:** Sudden, massive spikes in request volume exceeding normal baselines across the financial sector.
## Response Actions
- **Containment measures:** Implied by the nature of DDoS rather than stated in the report: infrastructure scaling, rate limiting, and implementation of advanced DDoS mitigation services (e.g., scrubbing centers).
- **Eradication steps:** Not applicable to the mitigation of external attacks, but cleanup and post-incident analysis are required after each event.
- **Recovery actions:** Restoring normal service availability following traffic mitigation.
## Lessons Learned
- **Key takeaways:** DDoS attacks have fundamentally shifted from being a minor annoyance to a primary, strategic threat vector for the financial sector, demanding significant security investment.
- **What could have been done better:** The sector's consistent hold on the #1 targeted rank suggests that mitigation strategies across the sector are still being severely challenged by the rising sophistication of threat actors.
## Recommendations
- **Prevention measures for similar incidents:**
  1. **Proactive Capacity Planning:** Ensure network and application infrastructure can dynamically handle multi-terabit or complex application-layer attacks.
  2. **Enhanced Threat Intelligence Sharing:** Increase participation and granularity within frameworks like FS-ISAC to rapidly disseminate signatures for emerging DDoS techniques.
  3. **Layered Defense Review:** Regularly test security postures against sophisticated, multi-vector DDoS simulations that emulate the observed exponential scaling.