The UK financial sector was subject to a surge in distributed denial of service (DDoS) attacks in the first half of 2022 after Russian forces invaded Ukraine.
A quarter of cyber incidents reported to the FCA in the first half of 2022 involved DDoS attacks, according to data handed to Picus Security through a Freedom of Information request. This figure is up from 4% in the previous year. In fact, there were more incidents involving DDoS reported to the FCA in March and April 2022 than there were during the whole of 2021.
This significant increase in DDoS activity is most likely explained by nation-state attackers and hacktivists targeting western nations during the ongoing Russia/Ukraine conflict. Countries like the UK, US and Germany were among the first to implement sanctions against Russia.
“DDoS attacks are a concern for financial institutions, with their ability to disrupt operations and even bring them down entirely,” says Dr. Suleyman Ozarslan, Picus Security co-founder. “UK financial institutions are in the crossfire of the ongoing war between Russia and Ukraine and have become a direct target for nation-state attackers and hacktivists seeking to disrupt Ukraine’s allies.”
Carpet-bombing, a term used to describe a sophisticated type of DDoS attack, has emerged as a popular method of attack among nation-state attackers as well as patriotic hacktivist groups. To date, carpet-bombing attacks have been primarily used against internet services companies and critical infrastructure providers, but the finance sector is now also a target.
“Carpet-bombing attacks are less likely to trigger DDoS detection mechanisms because they generate a smaller amount of traffic per target host,” says Ozarslan. “As a result, they can be extremely difficult to mitigate.”
“To reduce the risks, businesses must be able to scrutinize large traffic volumes over time and respond swiftly to anomalies that threaten network availability.”
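The detection gap described above can be made concrete with a small sketch that compares a per-host threshold with a per-prefix baseline over time. This is an added example, not code from Picus Security or the FCA data; the thresholds, the /24 aggregation and all traffic figures are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

HOST_LIMIT_MBPS = 500   # assumed per-host alert threshold
PREFIX_LEN = 24         # assumed aggregation granularity
SPIKE_FACTOR = 5        # assumed: alert when a prefix exceeds 5x its baseline
MIN_BASELINE_MBPS = 1   # assumed floor for prefixes with little or no history

def per_host_alerts(interval):
    """Classic detector: flag any single destination above the host limit."""
    return sorted(ip for ip, mbps in interval.items() if mbps > HOST_LIMIT_MBPS)

def aggregate(interval):
    """Sum inbound Mbps by covering prefix and count distinct target hosts."""
    totals, hosts = defaultdict(float), defaultdict(int)
    for ip, mbps in interval.items():
        net = ipaddress.ip_network(f"{ip}/{PREFIX_LEN}", strict=False)
        totals[net] += mbps
        hosts[net] += 1
    return totals, hosts

def per_prefix_alerts(history, current):
    """Flag prefixes whose total exceeds SPIKE_FACTOR x the median of past intervals."""
    past = defaultdict(list)
    for interval in history:
        totals, _ = aggregate(interval)
        for net, mbps in totals.items():
            past[net].append(mbps)
    totals, hosts = aggregate(current)
    alerts = []
    for net, mbps in totals.items():
        baseline = median(past[net]) if past[net] else 0.0
        if mbps > SPIKE_FACTOR * max(baseline, MIN_BASELINE_MBPS):
            alerts.append((str(net), round(mbps), hosts[net]))
    return sorted(alerts)

# Constructed sample data: {destination IP: inbound Mbps} per measurement interval.
def _normal_interval():
    quiet = {f"203.0.113.{i}": 2.0 for i in range(1, 21)}
    return {**quiet, "198.51.100.10": 40.0}

HISTORY = [_normal_interval() for _ in range(6)]
# Carpet-bombing pattern: 254 hosts in one /24 each receive a modest 60 Mbps.
CURRENT = {**{f"203.0.113.{i}": 60.0 for i in range(1, 255)}, "198.51.100.10": 45.0}

if __name__ == "__main__":
    print("per-host alerts:  ", per_host_alerts(CURRENT))
    print("per-prefix alerts:", per_prefix_alerts(HISTORY, CURRENT))
```

No single host comes near the per-host limit, yet the /24 as a whole carries roughly 15 Gbps against a 40 Mbps baseline, which only the aggregated view reports.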
Although the primary reason behind the uptick in DDoS is highly likely the ongoing war in Ukraine, says Ozarslan, other factors may also be in play. DDoS attacks are now increasingly used by ransomware gangs to extort money. The proliferation of DDoS-for-hire websites also makes this form of attack more accessible to less technically sophisticated cybercriminals.
Double extortion methods involve cybercriminal gangs pressuring their targets to pay a ransom by leaking data online, informing customers/the media about the breach, or disrupting operations through the use of DDoS.
“As threats evolve and the war in Ukraine continues, financial institutions must continue to proactively harden their defenses,” says Ozarslan. “This includes validating that security controls and processes are effective at defending against the latest risks.”