DDoS Attacks in Fintech - Time to Worry?

Financial services are a popular target of DDoS attacks because of their diverse attack surface, including banking IT infrastructure, payment portals, customer accounts, and more.

The recent DDoS attack on Sberbank, Russia's VTB Bank, ANZ New Zealand, and similar attacks on several other financial institutions are witnesses to this probability.

Think that hackers will not target your applications?

Indusface Research on 1400 websites concluded that 405 websites experienced DDoS attacks in Q4. In Q3, the number of websites hit with DDoS attacks was only 234, an increase of 74%.

Overall, 336 million DDoS requests were blocked on the AppTrana WAF.

Why Are Hackers Interested in Fintech Companies?

It's no accident that cybercriminals are more interested in Fintech companies than ever before.

Here are the key factors that make Fintech a target for cybercrime:

Ongoing Support

Most, if not all, Fintech companies offer a 24/7 public-facing service with mobile functionality. Consumer dependence is an attractive quality to hackers. It makes fintech a more lucrative target for attacks.

Most Vulnerable

The Fintech industry is constantly upgrading its in-house tech. This causes their DDoS risk to soar. Because DDoS protection needs to be reconfigured after every update. Attackers like to take advantage of DDoS vulnerabilities, even during a short window.

Data Protection is a Priority

Data privacy matters for fintech, but so does its availability. Hackers target these companies because they hold more sensitive data of businesses and individuals.

Increased Competition

Competition in Fintech is increasing rapidly. You don't need to look much further than the cryptocurrency market. More companies compete for the same market than ever before.

A DDoS attack in Fintech can happen because a company hires attackers to take out the competition. For pennies on the dollar. Services like DDoS-for-hire make it easier to launch attacks against competitors.

Outage Affects Brand Reputation

Fintech companies are eager to build their brand and maintain a strong reputation with their customers. DDoS vulnerabilities can quickly lead to server downtime, resulting in bad publicity. A bad reputation can be hard to repair after the fact.

Ransome Payment

The goal of the attacker is usually money. Repeated DDoS attacks can lead a company to misery. Many victims end up paying for ransomware to avoid future attacks.

How Can Fintech Companies Protect Against DDoS Attacks?

Little known (but key) fact:

DDoS attacks usually don't lead to data leakages or breaches. It aims for the service outage. This quickly leads to loss of business, frustrated customers, and bad publicity.

But Fintech companies must spend a lot of time and money recovering their services. A single hour of downtime costs can cost companies from $1 million to over $5 million per hour, exclusive of legal fines, fees, or penalties.

Therefore, victims sometimes end up paying for ransomware. They don't want the attacks to continue. But this is not a solution. It doesn't guarantee that there won't be another DDoS attack. It's a short-term relief at best.

A Fintech company needs a more comprehensive solution. Here are the main things Fintech companies can do to protect themselves:

Create an incident response plan

You must know exactly how you will respond to a DDoS attack. Whether it's informing key executives and staff, steps for reducing downtime, or a list of key DDoS response tools. You need a laid-out plan and procedure. This alone is not enough, but it's a good starting point.

Implement network security essentials

This includes anti-virus, anti-malware, web security, anti-spoofing, network segmentation, and similar tools.

Create redundancy

A DDoS attack in Fintech turns out to be less of a threat when the victim has server redundancy. With servers at colocation facilities and data centers, you can effectively mitigate the risk of downtime.

Know the signs

A distributed denial of service attack always leaves clues:

• Are you experiencing connectivity issues?
• Is your server crashing repeatedly?
• Have you identified unusual traffic from one source or a group of IP addresses?

These are tell-tale clues that a DDoS attack may be underway. Listen to the warning signs of DDoS risk. Your security team should be mindful of all relevant factors.

Leverage cloud-based protection

DDoS attacks can be voluminous. The cloud-based DDoS protection doesn't have limitations on your onsite hardware and software. It's better equipped to handle large-scale attacks.

Use Continuous Monitoring with WAF

You can use WAF for automatic DDoS protection. WAF analyzes your web traffic for malicious traffic. It detects fake requests and blocks them from reaching your system. Many attackers use sophisticated techniques to evade detection. When evaluating a WAF for DDoS protection, look for the following features:

• The solution should allow application owners to add rate limits at IP, host, URI, and geography
• The system recommends rate limits and even auto-apply based on past traffic trends through AI and ML
• Managed services to prevent false positives by monitoring DDoS requests at a threshold level. The solution should automatically send alerts and log requests based on a formula, for example, 200% of the set rate limit. The managed services team could help with custom rules for tar pitting, captcha, etc.