NETSCOUT discovers significant rise in DDoS attacks against the financial sector in 2020

By Philippe Alcoy, Security Technologies for NETSCOUT

Unlike the modern roaring twenties that many were hoping for, the turn of the decade has brought an unfathomable number of challenges for businesses across the globe. In these times of uncertainty, cybercriminals take advantage, and this year has been no exception. In our Threat Intelligence Report for the first half of 2020, the NETSCOUT Team was able to observe the trends that are emerging in the activities of cybercriminals. At the start of the year, attackers did not hesitate to strike faster, harder, and more often in order to swiftly knock out targeted industries with DDoS attacks. These involve multiple computer systems attacking a target (i.e. server, website) and cause a denial of service for users of the targeted resource. Indeed, in the UK, the frequency of attacks increased by 62 per cent during this six-month period, whilst 15-plus vector attacks spiked 126 per cent in popularity year over year. This global observation is also found in more granular analysis notably in the financial sector, which has become a prime target for hackers.

Frequency

In June, the frequency of attacks against the financial sector increased more than five-fold worldwide compared to the previous month. More DDoS attacks were identified in that one month than had been seen from January to May 2020. Between June and August 2020, the financial sector has seen more attacks than were observed in total from April 2016 to May 2020.

EMEA was the most affected region, targeted with nearly 40 per cent of attacks, followed by NAMER (33 per cent), APACA (15 per cent) and LATAM (13 per cent). For the EMEA region, attack frequency surged nearly 10-fold in June 2020. Furthermore, from June to August 2020, the number of observed attacks is more than the sum observed from April 2016 to May 2020. For the UK specifically, 14 times more attacks targeting financial institutions were witnessed in June 2020, more attacks than had been recorded since January 2019.

Bandwidth

Volumes of attacks against finance companies started to ramp up worldwide from April 2020. This does not come as a surprise, with April being the first month where nationwide lockdowns were in place throughout the course of the month for most of the world. The growth was noticeable in LATAM and APAC from May 2020, with both regions observing over an 11- to 12-fold increase that

month compared to April 2020. The surge increased again in LATAM in June, with over 20-times growth. EMEA was the next region with the highest increase for the month of June, with attack volume increasing by roughly 11 times when compared to May. So far for 2020, LATAM is the most affected region from an attack volume perspective, followed by APAC. EMEA is third with volumes over 16 times of what they were in 2019.

In the UK, volumes of DDoS traffic against the financial targets increased from May to reach an average of 32.3 Gbps in July. This set a record, nearly doubling the previous maximum seen in October 2016. For 2020, the UK has experienced a near six-fold increase of attack volumes compared to

Packets

When analysing the speed of attacks against the financial sector in June, we observed that the total throughput of attacks (measured in packets per second, sometimes also called “packet speed”) against the financial sector increased 4.5 times worldwide.

This surge was first observed in LATAM in May, with a near 32-times increase in throughput compared to April. APAC followed with attack speed being around 18 times faster. In EMEA, the increase was first apparent in June with roughly a seven-fold increase compared to May. The NAMER region also observed an increase in June with about a five-time rise compared to the previous month. When looking at the first half of 2020, LATAM was the most affected in terms of attack throughput, with a 44.6 multiplier surge compared to 2019, followed by EMEA with a 15-fold increase.

Looking at the UK, the NETSCOUT team witnessed a surge in the speed of the attacks against financial organisations, jumping nearly 60-fold in May from an average of 15.1 Kpps to 0.9 Mpps, to reach 4.6 Mpps in August. This is another new record, beating the previous one from July 2016. So far, taking into account just the first eight months of 2020, the UK has seen an increase in the speed of attacks by just under six-fold compared to the whole of 2019.

These increases in DDoS attacks are not unique to the financial sector and have also strongly affected industries linked to the management of the ongoing health crisis such as e-commerce, health, and education, especially during periods of lockdown. As these industries transitioned to functioning online, they became even greater targets for malicious acts. However, with the pandemic showing no signs of ending, these new forms of attacks, more aggressive and more targeted than ever before, are likely to continue to take place in the coming months.