Search
00
GBAF Logo
trophy
Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

Subscribe to our newsletter

Get the latest news and updates from our team.

Global Banking & Finance Review®

Global Banking & Finance Review® - Subscribe to our newsletter

Company

    GBAF Logo
    • About Us
    • Advertising and Sponsorship
    • Profile & Readership
    • Contact Us
    • Latest News
    • Privacy & Cookies Policies
    • Terms of Use
    • Advertising Terms
    • Issue 81
    • Issue 80
    • Issue 79
    • Issue 78
    • Issue 77
    • Issue 76
    • Issue 75
    • Issue 74
    • Issue 73
    • Issue 72
    • Issue 71
    • Issue 70
    • View All
    • About the Awards
    • Awards Timetable
    • Awards Winners
    • Submit Nominations
    • Testimonials
    • Media Room
    • FAQ
    • Asset Management Awards
    • Brand of the Year Awards
    • Business Awards
    • Cash Management Banking Awards
    • Banking Technology Awards
    • CEO Awards
    • Customer Service Awards
    • CSR Awards
    • Deal of the Year Awards
    • Corporate Governance Awards
    • Corporate Banking Awards
    • Digital Transformation Awards
    • Fintech Awards
    • Education & Training Awards
    • ESG & Sustainability Awards
    • ESG Awards
    • Forex Banking Awards
    • Innovation Awards
    • Insurance & Takaful Awards
    • Investment Banking Awards
    • Investor Relations Awards
    • Leadership Awards
    • Islamic Banking Awards
    • Real Estate Awards
    • Project Finance Awards
    • Process & Product Awards
    • Telecommunication Awards
    • HR & Recruitment Awards
    • Trade Finance Awards
    • The Next 100 Global Awards
    • Wealth Management Awards
    • Travel Awards
    • Years of Excellence Awards
    • Publishing Principles
    • Ownership & Funding
    • Corrections Policy
    • Editorial Code of Ethics
    • Diversity & Inclusion Policy
    • Fact Checking Policy
    Original content: Global Banking and Finance Review - https://www.globalbankingandfinance.com

    A global financial intelligence and recognition platform delivering authoritative insights, data-driven analysis, and institutional benchmarking across Banking, Capital Markets, Investment, Technology, and Financial Infrastructure.

    Copyright © 2010-2026 - All Rights Reserved. | Sitemap | Tags

    Editorial & Advertiser disclosure

    Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

    1. Home
    2. >Technology
    3. >CYBER THREATS TO EXPECT IN 2014: SSL AND MOBILE API-BASED DDOS ATTACKS
    Technology

    Cyber Threats to Expect in 2014: Ssl and Mobile API-Based Ddos Attacks

    Published by Gbaf News

    Posted on January 23, 2014

    10 min read

    Last updated: January 22, 2026

    Add as preferred source on Google
    In this image, Polish President Andrzej Duda is signing the 2025 budget, which he plans to send to the Constitutional Tribunal for review. This significant financial decision impacts Poland's economic future and governance.
    Polish President Andrzej Duda signs the 2025 budget amid constitutional review - Global Banking & Finance Review
    Why waste money on news and opinion when you can access them for free?

    Take advantage of our newsletter subscription and stay informed on the go!

    Subscribe

    In the past holiday season, revenue of online retailers in the US soared to an unprecedented 55.2 billion dollars. This e-commence boom has tremendously benefited the online banking industry, as most transactions are completed via e-banks. However, criminals are increasingly intercepting transaction traffic in order to steal confidential information such as user account information or credit card numbers. In dire cases, customer bank accounts are directly compromised.

    ssl and mobile api-based ddos attacks

    ssl and mobile api-based ddos attacks

    As a counter measure, most online retailers and banks adopt SSL solutions to encrypt traffic containing confidential information. The standard security technology for creating an encrypted connection between a web server and a browser, SSL ensures that all data connections remain private and secure. Implementation of SSL in a HTTPS website is usually indicated by the padlock icon or green address bar in web browsers.

    SSL Susceptible to DDoS

    SSL is extremely vulnerable to DDoS (distributed denial-of-service) attacks due to the inherent nature of its implementation: the way the system consumes resources is asymmetric.  The encryption key exchange and handshake process of SSL consume more resources on the server-end, at least ten times the resources of a normal connection. An attacker could single handedly challenge high-performance servers through SSL handshake requests, commonly known as SSL renegotiation attacks.

    Due to the widespread adoption of SSL, financial companies are the main victims of SSL attacks. Driven by greed, commercial competition or even hacktivism, attackers are causing astronomical financial and reputational losses to the banking industry.

    • In 2012, a Hong Kong gold trading platform was taken down by malicious attackers, accursedly from China for blackmailing purpose, who exploited a flaw in the server’s SSL renegotiations.
    • From 2012 to 2013, Izz ad-Din al-Qassam Cyber Fighters, a Muslim hacker group, launched several waves of DDoS attacks against US-based financial institutions in response to an anti-Islam video. Websites of several financial giants, including Bank of America, Wells Fargo and PNC, were knocked out.
    • In 2013 banks and TV stations in South Korea were hit by debilitating DDoS attacks. Three financial institutions and two insurance firms were partially or completely crippled. North Korea was the culprit.

    In recent years the adoption of Bitcoin as a virtual currency has led to huge increases to its market capitalization. The growth in its value has brought about waves of cyber crimes aimed at manipulating prices, camouflaging Bitcoin theft and blackmailing. Similar to the finance industry, virtual currency platforms also use SSL encryptions.

    Though SSL has been an essential investment for countless businesses, recent attacks targeting SSL-protected sites have proved the security technique is not ironclad. The once impeccable SSL is a new favorite target for cybercriminals.

    Mobile Banking Threatened By Fragile Web APIs

    As we move towards a mobile-first world, banks are placing a great emphasis on mobile applications that enhance customer service and loyalty. These apps connect users with the bank’s online infrastructure and consume data via APIs. The next wave of DDoS attacks may very well target APIs in order to disable these mobile gateways.

    Malicious attackers can makes excessive connections to APIs under the guise of legitimate users to block normal access. And unlike a web page that’s been taken offline, this kind of attack is rather hidden. Since the app can still be launched on mobile devices, users may simply blame their mobile network and assume they have lost coverage, instead of suspecting that the app has been compromised. Bank customers are increasingly using apps as their main channel for banking transactions, so API attacks may have drastic consequences in the future.

    Security in the Year Ahead

    Detecting and mitigating SSL and API-based DDoS attacks has long been a headache for security vendors, since there is no sudden traffic spike or obvious signatures. Attacker can easily forge small amounts of requests that trigger SSL handshakes or exploit web APIs to exhaust resources on the target server.

    As cyber criminals continue to refine their attack methods and exploit security flaws, financial institutions must regularly audit their systems for weaknesses. It is also imperative they adopt solutions that are proactive in order to anticipate and successfully defend against next-generation attacks.

    DDoS Problem Resolved Through Human Identification

    • NexQloud’s answer to the DDoS problem lies within its proprietary human identification engine – Qlo. Qlo’s “identifying the human” philosophy is a simple 3-step process: deny non-humans, eject bad humans, and manage good humans.
    • When SSL traffic is passing through, Qlo first identifies the source of SSL requests and allows only human requests to process. Qlo then further determines the intent of human requesters based on user reputation and behavior patterns; those flooding the server with excessive SSL requests will be flagged as troublemakers, and ejected from the system automatically.
    • Qlo relieves servers of the heavy computational burden from negotiating handshakes of legitimate requests by offloading the decryption process to NexQloud, speeding up SSL handshakes by reusing existing SSL sessions.
    • NexQloud’s virtual API throttling system intelligently implements policies to control access to APIs based on the traffic type and usage patterns; calls to APIs are also rate-limited to assure availability.

    When a website protected by NexQloud is overloaded by too many visitors (i.e. holiday season or promotions), NexQloud starts a queuing mechanism automatically before a flash crowd forms and slows down the website.

    About NexQloud

    NexQloud (http://www.nexqloud.com) is the world’s newest and most innovative cloud-based DDoS mitigation and uptime management platform. Powered by the world’s first Human Identification engine, NexQloud offers fully automated protection with no software or hardware changes required. Our unique human identification approach protects financial institutes against all types of DDoS attacks, including SSL and API-based attacks.

    In the past holiday season, revenue of online retailers in the US soared to an unprecedented 55.2 billion dollars. This e-commence boom has tremendously benefited the online banking industry, as most transactions are completed via e-banks. However, criminals are increasingly intercepting transaction traffic in order to steal confidential information such as user account information or credit card numbers. In dire cases, customer bank accounts are directly compromised.

    ssl and mobile api-based ddos attacks

    ssl and mobile api-based ddos attacks

    As a counter measure, most online retailers and banks adopt SSL solutions to encrypt traffic containing confidential information. The standard security technology for creating an encrypted connection between a web server and a browser, SSL ensures that all data connections remain private and secure. Implementation of SSL in a HTTPS website is usually indicated by the padlock icon or green address bar in web browsers.

    SSL Susceptible to DDoS

    SSL is extremely vulnerable to DDoS (distributed denial-of-service) attacks due to the inherent nature of its implementation: the way the system consumes resources is asymmetric.  The encryption key exchange and handshake process of SSL consume more resources on the server-end, at least ten times the resources of a normal connection. An attacker could single handedly challenge high-performance servers through SSL handshake requests, commonly known as SSL renegotiation attacks.

    Due to the widespread adoption of SSL, financial companies are the main victims of SSL attacks. Driven by greed, commercial competition or even hacktivism, attackers are causing astronomical financial and reputational losses to the banking industry.

    • In 2012, a Hong Kong gold trading platform was taken down by malicious attackers, accursedly from China for blackmailing purpose, who exploited a flaw in the server’s SSL renegotiations.
    • From 2012 to 2013, Izz ad-Din al-Qassam Cyber Fighters, a Muslim hacker group, launched several waves of DDoS attacks against US-based financial institutions in response to an anti-Islam video. Websites of several financial giants, including Bank of America, Wells Fargo and PNC, were knocked out.
    • In 2013 banks and TV stations in South Korea were hit by debilitating DDoS attacks. Three financial institutions and two insurance firms were partially or completely crippled. North Korea was the culprit.

    In recent years the adoption of Bitcoin as a virtual currency has led to huge increases to its market capitalization. The growth in its value has brought about waves of cyber crimes aimed at manipulating prices, camouflaging Bitcoin theft and blackmailing. Similar to the finance industry, virtual currency platforms also use SSL encryptions.

    Though SSL has been an essential investment for countless businesses, recent attacks targeting SSL-protected sites have proved the security technique is not ironclad. The once impeccable SSL is a new favorite target for cybercriminals.

    Mobile Banking Threatened By Fragile Web APIs

    As we move towards a mobile-first world, banks are placing a great emphasis on mobile applications that enhance customer service and loyalty. These apps connect users with the bank’s online infrastructure and consume data via APIs. The next wave of DDoS attacks may very well target APIs in order to disable these mobile gateways.

    Malicious attackers can makes excessive connections to APIs under the guise of legitimate users to block normal access. And unlike a web page that’s been taken offline, this kind of attack is rather hidden. Since the app can still be launched on mobile devices, users may simply blame their mobile network and assume they have lost coverage, instead of suspecting that the app has been compromised. Bank customers are increasingly using apps as their main channel for banking transactions, so API attacks may have drastic consequences in the future.

    Security in the Year Ahead

    Detecting and mitigating SSL and API-based DDoS attacks has long been a headache for security vendors, since there is no sudden traffic spike or obvious signatures. Attacker can easily forge small amounts of requests that trigger SSL handshakes or exploit web APIs to exhaust resources on the target server.

    As cyber criminals continue to refine their attack methods and exploit security flaws, financial institutions must regularly audit their systems for weaknesses. It is also imperative they adopt solutions that are proactive in order to anticipate and successfully defend against next-generation attacks.

    DDoS Problem Resolved Through Human Identification

    • NexQloud’s answer to the DDoS problem lies within its proprietary human identification engine – Qlo. Qlo’s “identifying the human” philosophy is a simple 3-step process: deny non-humans, eject bad humans, and manage good humans.
    • When SSL traffic is passing through, Qlo first identifies the source of SSL requests and allows only human requests to process. Qlo then further determines the intent of human requesters based on user reputation and behavior patterns; those flooding the server with excessive SSL requests will be flagged as troublemakers, and ejected from the system automatically.
    • Qlo relieves servers of the heavy computational burden from negotiating handshakes of legitimate requests by offloading the decryption process to NexQloud, speeding up SSL handshakes by reusing existing SSL sessions.
    • NexQloud’s virtual API throttling system intelligently implements policies to control access to APIs based on the traffic type and usage patterns; calls to APIs are also rate-limited to assure availability.

    When a website protected by NexQloud is overloaded by too many visitors (i.e. holiday season or promotions), NexQloud starts a queuing mechanism automatically before a flash crowd forms and slows down the website.

    About NexQloud

    NexQloud (http://www.nexqloud.com) is the world’s newest and most innovative cloud-based DDoS mitigation and uptime management platform. Powered by the world’s first Human Identification engine, NexQloud offers fully automated protection with no software or hardware changes required. Our unique human identification approach protects financial institutes against all types of DDoS attacks, including SSL and API-based attacks.

    More from Technology

    Explore more articles in the Technology category

    Image for Nominations Open for Technology Awards 2026
    Nominations Open for Technology Awards 2026
    Image for Nominations Open for Innovation Awards 2026
    Nominations Open for Innovation Awards 2026
    Image for Archie earns industry recognition across G2, Capterra, and SoftwareReviews
    Archie Earns Industry Recognition Across G2, Capterra, and SoftwareReviews
    Image for The Bankaool Transformation: How a Regional Mexican Bank Became a Fintech Disruptor
    The Bankaool Transformation: How a Regional Mexican Bank Became a FinTech Disruptor
    Image for Submit Your Entry Today for Digital Banking Awards 2026
    Submit Your Entry Today for Digital Banking Awards 2026
    Image for Behavioral AI in Financial Services: Moving Beyond Automation Toward Human Understanding
    Behavioral AI in Financial Services: Moving Beyond Automation Toward Human Understanding
    Image for Submit Your Entry for Brand of the Year Awards Technology Bahrain 2026
    Submit Your Entry for Brand of the Year Awards Technology Bahrain 2026
    Image for Entries Now Open for Best Islamic Open Banking Burkina Faso APIs 2026
    Entries Now Open for Best Islamic Open Banking Burkina Faso APIs 2026
    Image for Entrepreneurial Discipline in the AI Economy: Insights from Dmytro Lavryniuk
    Entrepreneurial Discipline in the AI Economy: Insights From Dmytro Lavryniuk
    Image for Entries Now Open for Best New Digital Wallet Innovation Award 2026
    Entries Now Open for Best New Digital Wallet Innovation Award 2026
    Image for Call for Entries: Best Digital Wallet 2026
    Call for Entries: Best Digital Wallet 2026
    Image for Nominations Open for Brand of the Year Technology 2026
    Nominations Open for Brand of the Year Technology 2026
    View All Technology Posts
    Previous Technology PostEasy, Fast and in Tune With the Times: Withdrawing Cash From a Smart Atm via Mobile Phone
    Next Technology PostNew Direct Mail and Digital Technologies Businesses Should Adopt