Massive DDoS Attack Abserved On ‘Influential’ US Financial Firm

Last week, Akamai claimed to have observed and thwarted a massive DDoS attack targeting one of its “largest and most influential”, American financial institution.

Usually, almost all the legitimate traffic to the company’s site comes from the U.S., but during the 2-minute attack there was 633.7 gigabits of traffic per second from all over the world, including Bulgaria, Brazil, China, India, Thailand, Russia, Ukraine, Vietnam, and Japan.

The attack went directly after their primary web landing page with a likely intent to disrupt their online banking, according to Akamai. The incident didn’t harm or disrupt services, but given the magnitude of the attack, the financial company would have faced severe disruptions to its vital web systems had it not been mitigated.

Since 2021, there has been an increase in the number of DDoS attacks against financial services and over the past year, more than 30% of the DDoS attacks detected by Akamai have been aimed at financial services.

“Financial institutions are a key pillar of an economy, and targeting such businesses often has a larger impact on the overall economy,” Akamai researchers said.

Emily Phelps, Director, Cyware had this comment:

   “While financial institutions should pay close attention to the escalating attacks aimed at banks, enterprises across all sectors should take notice and ensure they have appropriate protections in place. Threat actors are not loyal to hitting one particular industry if the opportunity presents itself elsewhere.

   As DDoS attacks grow in scale and frequency, organizations must adopt more proactive measures to safeguard against such threats. Enterprises should regularly evaluate their risks and vulnerabilities and stay updated on the latest DDoS tactic, updating their defenses accordingly.

Dave Ratner, CEO, HYAS had this follow up:

   “The attack highlights that a chain is only as strong as its weakest link — in this case, one user likely following a malicious link amongst the hundreds that were delivered. Even the smartest of professionals will occasionally make mistakes or be fooled. It has never been more clear that Protective DNS solutions, capable of catching that mistake when a user clicks on a nefarious link, are required as part of a depth-in-depth strategy.”

DDoS attacks are easy to carry out and are devastating in nature. Thus this should be added to the ever growing list of things that organizations need to protect themselves against.

Leave a Reply

%d bloggers like this: