UK’s financial sector faces new wave of brute force DDoS attacks
The UK’s financial sector is experiencing a wave of brute force Distributed Denial of Service (DDoS) attacks, new data obtained through a freedom of information request shows.
Hackers are increasingly using brute force tactics to launch cyberattacks against the UK’s financial sector, as they pivot away from using phishing and malware scams, the Financial Conduct Authority (FCA) data obtained by cybersecurity firm Picus Security shows.
DDoS attacks accounted for 25 per cent of all hacking incidents reported to the FCA in the first half of 2022, compared to just four per cent in 2021.
The surge in the number of DDoS attacks comes as the number of malware and ransomware attacks has dropped sharply over the same period of time.
The number of cyberattacks involving ransomware dropped 63 per cent in the first half of 2022, as the number of phishing scams fell by half (50 per cent).
The sharp rise in DDoS attacks comes as hackers are increasingly using the brute force attacks, over more complex phishing scams, to extort money from victims.
Industry sources speaking to City A.M. noted major companies are often willing to pay ransoms to restore access to services, if the ransom payments are less than the cost of losing any business.
Cybersecurity experts said the increase also comes as state-backed hackers and hacktivists have pivoted their activities in favour of the war effort, following Russia’s invasion of Ukraine.
The pivot has seen hackers focus their efforts on targeting critical infrastructure, including the UK’s finance sector, via so-called “carpet-bombing” attacks instead of simply extorting money from victims.
“UK financial institutions are in the crossfire of the ongoing war between Russia and Ukraine and have become a direct target for nation-state attackers and hacktivists seeking to disrupt Ukraine’s allies,” Suleyman Ozarslan, co-founder of Picus Security said.
An FCA spokesperson said: “Cyber-attacks continue to pose a threat to all financial services firms. Firms should be aware of the threat, able to defend themselves effectively, and respond proportionately to cyber events.”