The UK financial sector experienced a notable increase in distributed denial of service (DDoS) attacks in the first half of 2022, following the invasion of Ukraine by Russian forces.
According to data obtained by Picus Security through a Freedom of Information request, a quarter of the cyber incidents reported to the FCA in that period were DDoS attacks, a significant rise from just 4% the previous year. In fact, March and April 2022 saw a higher number of DDoS incidents reported to the FCA than during all of 2021.
This surge in DDoS activity is largely attributed to nation-state actors and hacktivists targeting Western nations amid the ongoing conflict between Russia and Ukraine, with the UK, US, and Germany being among the first to impose sanctions on Russia.
“DDoS attacks pose a serious risk to financial institutions due to their potential to disrupt operations and completely incapacitate systems,” stated Dr. Suleyman Ozarslan, co-founder of Picus Security. “UK financial institutions find themselves in the crosshairs of this ongoing war, becoming prime targets for attackers looking to disrupt the operations of Ukraine’s allies.”
A more sophisticated form of DDoS attack known as “carpet-bombing” has emerged, favored by both nation-state attackers and patriotic hacktivist groups. These attacks, which have primarily targeted internet service providers and critical infrastructure, are now extending to the finance sector.
“Carpet-bombing attacks typically generate lower traffic volumes per target host, making them less likely to trigger DDoS detection mechanisms,” Ozarslan explained. “This characteristic renders them particularly challenging to mitigate.”
To mitigate these risks, businesses must monitor large volumes of traffic over time and respond quickly to any anomalies that could threaten network availability.
While the ongoing conflict in Ukraine is likely the main driver behind the rise in DDoS activity, other factors may also contribute. Ransomware groups increasingly utilize DDoS attacks as a means of extortion, and the availability of DDoS-for-hire services has made such attacks accessible to less technically skilled criminals.
Cybercriminals often employ double extortion tactics, coercing victims to pay ransoms by threatening to leak data, alert the media about breaches, or disrupt operations with DDoS attacks.
“As the threat landscape evolves and the situation in Ukraine persists, financial institutions need to continuously strengthen their defenses,” Ozarslan advised. “This involves ensuring that security controls and processes are effective in countering the latest risks.”