Asia Pacific Tops the Charts for Phishing Threats Against Financial Institutions: Akamai Report


Akamai Technologies, Inc. has revealed in a new State of the Internet (SOTI) report, titled Navigating the Rising Tide: Attack Trends in Financial Services, that the financial services sector remains the world’s most frequently targeted industry for Layer 3 and 4 distributed denial-of-service (DDoS) attacks for the second consecutive year. According to the report, financial services account for 34% of DDoS attacks, followed by gaming at 18% and high technology at 15%.

Financial institutions manage vast amounts of sensitive data and high-value transactions, making them attractive targets for DDoS attackers because of the high stakes involved. Layer 3 and Layer 4 DDoS attacks target network and transport layers, overwhelming network infrastructure and exhausting server resources and bandwidth. A successful DDoS attack on a financial institution can be severe, affecting customer trust, causing downtime, and leading to regulatory penalties. As a result, attackers often target these institutions to maximize the potential damage and leverage the high-stakes environment.

Navigating the Rising Tide: Attack Trends in Financial Services reveals that the increased DDoS events stem from ongoing geopolitical tensions, which have fueled a surge in hacktivist activities. The report details the involvement of well-known threat actors such as REvil, BlackCat (ALPHV), Anonymous Sudan, KillNet and NoName057 - all notable for their activities related to the Russia-Ukraine war. In addition, it explains how massive cyberattacks against global financial institutions have been launched in the wake of the Israel-Hamas conflict.

Other main findings of the report include:

  • Financial services is the sector most impacted by brand impersonation and abuse (36%), based on the number of all the suspicious sites monitored by Akamai. This is far ahead of the second most targeted vertical - commerce (26%).

  • Phishing dominates the counterfeit domains that are targeting financial services, accounting for 68% of all recorded instances. Brand impersonation follows in second place, representing 24% of all recorded domains.

  • Akamai observed sharp increases in the number of Layer 7 DDoS attacks that specifically target applications via APIs. A major concern is undocumented shadow APIs, which are often unprotected because information security teams are unaware of their existence. Attackers can exploit these APIs to exfiltrate data, bypass authentication controls, or perform disruptive acts.

  • DDoS event frequency doesn't always correlate with attack intensity. While some months show few attacks, the corresponding data indicates significant traffic spikes, emphasizing the need to consider both attack frequency and volume when assessing DDoS attacks.

“Cybercrime poses a significant threat to the financial services sector as it causes widespread disruption and serious economic damage,” said Steve Winterfeld, Advisory CISO, Akamai. “This report is designed specifically to help financial services cybersecurity professionals around the globe understand the increasingly complex threat landscape and best practices to protect customers.”

High digital adoption makes APJ’s financial sector more vulnerable to cyber attacks

The APJ region faces unique cybersecurity challenges due to its fragmented landscape, where developed and developing countries with strong gross domestic product (GDP) make it a prime target for attacks. The report revealed that APJ received the highest median threat score out of all regions for phishing, specifically around the number of suspicious domains and requests. The rapid digitalization in banking, combined with low awareness of phishing dangers, puts consumers at a higher risk of attacks despite this region having fewer phishing or brand impersonation domains compared to other parts of the world. This indicates that consumers in the region are at a higher risk of having their banking information and other sensitive data stolen when visiting websites.

While the financial services sector in APJ is rapidly adopting digital and emerging technologies, its cybersecurity measures lag behind Europe and America. The region's financial services face rising brand abuse risks due to two key factors: high digitization and active social media use. With almost all services available online, APJ's strong internet adoption makes it a prime target for cybercriminals. Additionally, financial organizations' increased engagement on social media, in some of the most active markets globally, opens more avenues for phishing and impersonation attacks, exploiting users' trust in these platforms.

“Indian financial organizations’ reliance on digital supply chain vendors has also surged, elevating the level of risks introduced into an organization. For example, a recent ransomware attack against a prominent Indian fintech company disrupted payment services for hundreds of banks across the country. Recent regulations such as the India Digital Personal Data Protection Act (DPDP) have also forced financial organizations to rethink how to address legal requirements for data collection, retention and sharing, especially when emerging technologies like AI and APIs are being widely adopted,” said Reuben Koh, Director of Security Technology & Strategy, APJ, Akamai Technologies.

Navigating the Rising Tide: Attack Trends in Financial Services also features a guest column from FS-ISAC, a case study on credential stuffing attacks, a security spotlight on DDoS attack intensity, regional data, sections on Zero Trust and microsegmentation, and mitigation strategies for defending against DDoS attacks.
