NetScout: DDoS attacks against the financial sector

In June, the frequency of attacks against the financial sector increased more than five-fold worldwide compared to the previous month. NETSCOUT observed more DDoS attacks in that one month than they had seen from January-May 2020. Additionally, between June and August 2020, the financial sector has seen more attacks than were observed in total from April 2016 to May 2020.

EMEA was the most affected region, targeted with nearly 40% of attacks, followed by NAMER (33%), APACA (15%) and LATAM (13%). For the EMEA region, the surge in attack frequency in June 2020 was just under 990%. Furthermore, from June to August 2020, the number of observed attacks is more than the sum observed from April 2016 to May 2020. For the UK specifically, 14 times more attacks targeting financial institutions were witnessed in June 2020, more attacks than had been recorded since January 2019.

Volumes of attacks against finance companies started to ramp up worldwide from April 2020. The growth was noticeable in LATAM and APAC from May 2020, with both regions observing over an 11- to 12-fold increase that month compared to April 2020. The surge increased again in LATAM in June, with over 20-times growth. EMEA was the next region with the highest increase for the month of June, with attack volume increasing by roughly 11 times when compared to May. So far for 2020, LATAM is the most affected region from an attack volume perspective, followed by APAC. EMEA is third with volumes over 16 times of what they were in 2019.

In the UK, volumes of DDoS traffic against the financial targets increased from May to reach an average of 32.3 Gbps in July. This set a new record, nearly doubling the previous maximum seen in October 2016. For 2020, we are already at a near 6-fold increase of attack volumes in the UK compared to 2019.

When NETSCOUT took a look at the speed of attacks against the financial sector in June, they observed that the total throughput of attacks (measured in packets per second, sometimes also called “packet speed”) against the financial sector increased 4.5 times worldwide. This surge was first observed in LATAM in May, with a near 32 times increase in throughput compared to April.

APAC followed with attack speed being around 18 times faster. In EMEA, the increase first showed in June with roughly a 6.6-fold increase compared to May, then NAMER also in June with about a 5 times increase compared to the previous month. When looking at the first half of 2020, LATAM was the most affected in terms of attack throughput, with a 44.6 multiplier surge compared to 2019, followed by EMEA with a 15-fold increase.

Looking at the UK, NETSCOUT witnessed a surge in the speed of the attacks against financial organisations, jumping nearly 60-fold in May from an average of 15.1 Kpps to 0.9 Mpps, to reach 4.6 Mpps in August. This is another new record, beating the previous one from July 2016. So far, considering just the first eight months of 2020, the UK has seen an increase in the speed of attacks by just under six-fold compared to the whole of 2019.

Featured in this Article:


Author: Lauren Towner