FS-ISAC and Akamai Report: DDoS Attacks on APAC Financial Sector Surge

FS-ISAC, the member-driven, not-for-profit organisation that advances cybersecurity and resilience in the global financial system, and Akamai Technologies, Inc., the cybersecurity and cloud computing company that powers and protects business online, have released their joint annual report analysing the strategic threat posed by the escalating number and sophistication of distributed denial-of-service attacks (DDoS attacks) and their impact on customer trust, operations, and profitability in the financial services sector.

The report, “From Nuisance to Strategic Threat: DDoS Attacks Against the Financial Sector,” reveals an alarming surge in DDoS attacks targeting the financial services sector. In 2024, the Asia Pacific (APAC) financial services sector was the most targeted for volumetric DDoS attacks, accounting for 38% of all volumetric DDoS attacks—a sharp increase from just 11% in 2023.

Akamai’s research also found that in 2024, more than 20 financial institutions in six APAC countries were targeted in an unprecedented wave of DDoS attacks, likely executed by a single threat actor or hacker group. These attacks underscore the growing sophistication and scale of cyber threats in the region.

“DDoS attacks are becoming increasingly sophisticated, evolving from simple network flooding to targeted, multi-dimensional assaults that exploit intricate vulnerabilities across the entire supply chain,” said Teresa Walsh, FS-ISAC’s Chief Intelligence Officer and Managing Director at EMEA. “As threat tactics continue to evolve, we must ensure our technical defences evolve and our people, tools, and processes work seamlessly together. It is critical that we harden our infrastructure and foster a culture of continuous vigilance and collaboration to protect continuity and customer trust.”

DDoS Attacks Are Evolving and Getting More Sophisticated

Key findings highlight the shifting dynamics of DDoS threats—from the increasing use of DDoS-for-Hire services to regional surges in activity—underscoring the urgent need for advanced, adaptive defence strategies. Highlights include:

• The disproportionate increase of DDoS attacks on the financial sector, compared to other industries. The sector remained the leading target for volumetric year-over-year DDoS attacks, with a major spike in October 2024.
• DDoS attacks are increasing in frequency, and cybercriminals are exploiting today’s high bandwidths and greater computational resources to launch more adaptable, powerful, and cost-effective DDoS attacks.

• DDoS attacks on the application layer of financial firms’ technology stack increased 23% between 2023 and 2024. Many such attacks targeted Application Programming Interfaces (APIs) and customer-facing websites, which require knowledge of complex vulnerabilities in the company’s infrastructure, indicating cybercriminals’ growing skills.
• The widespread use of DDoS-for-Hire services targeting the financial sector disguises attackers, making it difficult to identify the cybercriminal’s motivation and develop mitigation plans.
• Ongoing geopolitical tensions, particularly the Hamas-Israel and Russia-Ukraine wars, have fueled a surge in hacktivism.

FS-ISAC and Akamai Develop DDoS Maturity Model 

In addition, FS-ISAC and Akamai developed a five-level DDoS Maturity Model detailing DDoS-relevant characteristics, defensive capabilities, and risks to help financial institutions assess their ability to withstand these kinds of attacks. Institutions at any level of cyber maturity can use it to improve their resilience, prioritise investments, and facilitate ongoing improvement.

“Threat actors will continue to leverage DDoS attacks to exploit the security of our institutions,” said Steve Winterfeld, Advisory CISO at Akamai. “These attacks strive to exhaust an institution’s network infrastructure and, in turn, drain the resources used to defend against them. The implementation of mitigation strategies, robust cyber hygiene fundamentals, and industry best practices can help the sector defend against the evolving risk.”

The collaboration on this report is a product of Akamai’s founding participation in FS-ISAC’s Critical Providers Program, which was launched in 2022 to bolster the financial sector’s supply chain security.

Download the full report here.