In a recently published joint report, From Nuisance to Strategic Threat: DDoS Attacks Against the Financial Sector, FS-ISAC and Akamai provide an in-depth view of the growing scale and complexity of DDoS threats targeting financial institutions. This blog post examines some of the report’s key takeaways and insights, as well as MazeBolt’s take on the findings and conclusions.
The Financial Sector Takes a Hit
The report confirms what many already know: the financial services sector continues to be a top target for DDoS attacks.
In 2024, it faced the highest volume of volumetric DDoS incidents globally, with a notable spike in October which was linked to a cluster of significant geopolitical developments. These attacks increasingly relied on DDoS-as-a-Service and often involve the coordinated efforts of multiple threat actors.
More Application Layer Attacks
At the same time, application layer attacks increased by 23 percent, with API-specific attacks surging by 58 percent. Despite their lower volume, application layer attacks can be more damaging, often bypassing traditional DDoS defenses.
Notably, some attacks in 2024 caused service outages that persisted for several days. The attackers are more methodical and resourceful than in previous years, using probing tactics and advanced multi-vector campaigns to evade defenses and disrupt infrastructure.
The Role of Geopolitical Events
The report also links these attacks to geopolitical events, noting increased activity during high-profile political developments in Eastern Europe and the Middle East. Several attacks remain unattributed, reflecting the difficulty of tracing actions back to specific bad actors in an era of DDoS-for-Hire services.
Adding the MazeBolt Perspective
MazeBolt takes the recommendations provided by Akamai and FS-ISAC one step further.
MazeBolt’s approach involves continuously validating that automated DDoS protection solutions are working as intended. This is achieved by running continuous and nondisruptive DDoS vulnerability testing on the entire attack surface.
Continuous testing and validation enable the adoption of a proactive approach to DDoS protection – i.e., the identification and remediation of DDoS vulnerabilities before an attack succeeds. It allows enterprises to maintain fully automated DDoS mitigation responses, and it helps strengthen upstream partnerships – improving the security posture and coordination with third-party network and cloud service providers that an organization depends on.
Visibility Gaps are More Dangerous
While the report focuses on traffic spikes and volume metrics, MazeBolt’s testing data consistently shows that most organizations suffer from significant blind spots. In many cases, up to 75 percent of the DDoS attack surface remains unprotected, even with premium mitigation solutions in place. The key issue is not always the volume of the attack, but unseen vulnerabilities that are left open.
Outsourced Mitigation Is Not a Strategy
The report highlights the fact that the incident response of large financial enterprises may be dependent on the DDoS protection providers. While this statement is true, the risk needs to be better understood.
DDoS protection providers react to DDoS incidents in accordance with agreed Service Level Agreements (SLAs), which may still leave enterprises with damaging downtime. In contrast, testing and mitigating vulnerabilities is the best way to avoid damaging downtime – by making sure the entire attack surface is continuously tested, before an attack can occur.
One-Time Testing is Insufficient
Red teaming and tabletop exercises are recommended in the report. These certainly are useful – but completely insufficient as they are episodic and only typically cover less the 1% of the DDoS attack surface. MazeBolt challenges this model, asserting that defenses must be validated continuously and cover the entire attack surface.
A Call for Measurable Reduction in DDoS Risk
The report rightfully identifies DDoS as a strategic threat to the financial sector. These organizations that provide critical online services and support large customer bases are prime targets for DDoS attacks. Even brief disruptions can result in significant financial losses, erode customer trust, and impact regulatory obligations. The question is not how to react faster. It is how to prevent damage altogether.
RADAR by MazeBolt represents a shift in this mindset. By continuously identifying DDoS vulnerabilities and enabling their timely remediation, RADAR enables organizations to move beyond risk awareness toward measurable uptime assurance.
Are you investing in DDoS protection but still suffering DDoS damage? Speak with an expert!
FAQ
Why is the financial sector considered to be a primary DDoS target?
In 2024, the financial sector faced the world’s highest volume of volumetric DDoS attacks, including major incidents linked to geopolitical developments.
Are application layer attacks a growing problem?
Yes. According to recent research, application layer attacks rose 23 percent overall, with API-specific attacks jumping 58 percent and causing multi-day service outages.
How does MazeBolt’s approach differ from typical DDoS protection?
MazeBolt tests DDoS protections continuously and nondisruptively – to identify vulnerabilities before attacks cause business disruption.
What is the risk of relying only on DDoS mitigation vendors?
Even with Service Level Agreements (SLAs), DDoS mitigation vendors may be unable to eliminate damaging DDoS downtime. In contrast, the continuous DDoS validation of RADAR™ by MazeBolt ensures mitigation gaps are addressed proactively.
Why is one-time red teaming not enough?
Red teaming only covers a fraction of the attack surface. MazeBolt promotes continuous validation across the full environment.
What is the danger of visibility gaps in DDoS defense?
Blind spots leave up to 75 percent of the attack surface vulnerable, even with premium mitigation tools.
What result does MazeBolt aim to deliver with RADAR?
RADAR helps reduce risk by continuously and nondisruptively surfacing DDoS vulnerabilities and misconfigurations. RADAR stops damaging DDoS downtime with its proactive approach to remediating DDoS vulnerabilities.
