Web application and application programming interface (API) attacks against the global financial services industry grew by 65% in Q2 2023 compared to Q2 2022, accounting for nine billion attacks in 18 months with banks bearing the brunt. That's according to the High Stakes of Innovation: Attack Trends in Financial Services report from cybersecurity firm Akamai.

The research is based on an analysis of security events detected on Akamai Connected Cloud, a network of approximately 340,000 servers in 4,000 locations on 1,300 networks in 130+ countries. Along with the rise in web app/API attacks, the financial services sector has experienced an increase in Layer 3 and Layer 4 DDoS attacks, the report found.

The increase appears to be caused by the dramatic surge in the power of virtual machine botnets and pro-Russian hacktivism motivated by the Russia-Ukraine conflict, Akamai said.

API security and DDoS risks pose persistent threats to organizations across sectors. In April, security researchers warned of a vulnerability in a UDP-based network service called the Service Location Protocol (SLP) that can be abused to significantly amplify DDoS attacks.

The growing use of APIs gives attackers more ways to break authentication controls, exfiltrate data, or perform disruptive acts, driving API security up the agenda for businesses and the cybersecurity community.
Meanwhile, the global financial services industry continues to come into the crosshairs of cybercriminals as breaches and ransomware costs rise.

Financial services third-most targeted sector by web app, API attacks

The financial services sector was the third most targeted by web app and API attacks during Akamai's reporting period, largely due to the industry's continued digitalization and the rate at which adversaries are exploiting vulnerabilities in attacks, the firm said.

Banks faced the most attacks (58%) followed by other financial services such as FinTech, capital markets, property and casualty insurance, and payment and lending companies (28%). Insurance companies accounted for 14% of web app and API traffic within the financial services sub-verticals, according to the report.

Local file inclusion biggest driver of web app, API attacks

Local file inclusion (LFI) vulnerabilities were the top driver of web app and API attacks, accounting for almost 58%. LFI enables attackers to launch a directory traversal (also known as path traversal) attack and subsequently gain access to sensitive information, Akamai wrote.
Adversaries use LFI for a variety of nefarious purposes such as exposing files or disclosing information on web servers, performing remote code execution (RCE), or gaining a foothold in an enterprise network.

LFI vulnerabilities were followed by cross-site scripting (XSS) and structured query language injection (SQLi), accounting for 24% and 11% of web app and API attacks, respectively.

“As technology reshapes the financial services landscape, firms must take an active, ongoing approach to hardening systems and managing third-party risk,” Teresa Walsh, global head of intelligence at the Financial Services Information Sharing and Analysis Center (FS-ISAC), tells CSO.

Apps and APIs must be kept patched and current, and it's also important to share threat intelligence and test incident response processes through exercises, both within organizations and across the industry, she adds.

Financial services top DDoS targets as Layer 3 and 4 attacks increase

The financial services sector is now the top vertical for DDoS attacks, surpassing gaming, with the EMEA region accounting for 63.5% of global DDoS events, according to Akamai's report. Layer 3 and Layer 4 DDoS attacks against financial services have increased, with EMEA seeing almost double these attack events as North America (32.58%). Akamai surmised this was due to Europe's close ties with Ukraine, with financially and politically motivated attacks by Russia in relation to the Russia-Ukraine conflict.

The report also recorded a growth in the number of Layer 7 DDoS attacks targeting financial services. Unlike traditional Layer 3 or Layer 4 DDoS attacks — which aim to overwhelm network and transport layer infrastructure — Layer 7 (application layer) DDoS attacks target specific application functionalities, or the application server itself.
They can cause significant damage even with a relatively smaller amount of malicious traffic.

“DDoS is unfortunately a common attack and has evolved beyond an institutional nuisance to a significant threat,” says Walsh. “Financial services institutions have been particularly targeted by DDoS, which now often include ransom demands to halt the barrage of application requests that disrupt operations.”

These attacks will continue to grow in quantity and severity, she says. As more services are moved to the cloud or contracted as software-as-a-service (SaaS), third-party solution providers are additional threat vectors, giving more opportunities for malicious actors to access financial firms' systems, Walsh adds. “Financial firms are increasingly integrating third party risk management into overall bank risk management policies, both due to regulatory guidance and the higher potential for operational and reputational risks due to their supply chain.”

Cybercriminals target financial services as breaches, ransomware costs rise

The number of cybersecurity breaches for UK financial services firms has tripled in 2022/23, with the highest number of breaches being reported within the pensions sector. A report from the international law firm RPC highlighted that the number of breaches reported to the Information Commissioner's Office (ICO) has increased from 187 to 640, with reports within the pensions industry increasing significantly from six to 246.

In July, it was revealed that ransomware attacks on the global finance sector have cost $32.3 billion in downtime alone since 2018, according to research from Comparitech.
It found that 225 financial organizations are confirmed to have been hit by a ransomware attack in the last five years, exposing at least 32.3 million individual records.

Separate data from Forrester revealed that attackers remain in the network of financial services and insurance providers the longest compared to other industries, with financial firms struggling to both eradicate and recover from breaches. Furthermore, financial services breaches incur higher costs, with organizations paying an average of $3 million in total, according to Forrester.
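The local file inclusion section above names the mechanism (a user-supplied file name that is joined onto a document root and escapes it via directory traversal) but does not show what the defect and its fix look like. The following is an added example, not code from Akamai or from the report: it contrasts the vulnerable resolution with a hardened one that confines every result to the document root, and runs a simple traversal-pattern check over a few constructed access-log lines of the kind a WAF or SIEM rule would inspect. The document root, file names, IP addresses and log lines are all constructed for the example.

```python
"""LFI / path traversal: vulnerable vs hardened file resolution, plus a
detector for traversal patterns in web access logs.

Added illustration, not the report's code. The document root, the request
strings and the log lines below are constructed for the example.
"""
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple
from urllib.parse import unquote


def resolve_unsafe(base_dir: str, requested: str) -> str:
    """The classic LFI defect: user input is joined onto the document root
    with no confinement check, so "../../etc/passwd" (or an absolute path,
    which os.path.join simply adopts) lands outside base_dir."""
    return os.path.normpath(os.path.join(base_dir, requested))


def resolve_safe(base_dir: str, requested: str) -> Path:
    """Hardened resolution: canonicalise (symlinks and '..' collapsed) first,
    then refuse any result that is not strictly inside the document root."""
    base = Path(base_dir).resolve()
    candidate = (base / requested).resolve()
    try:
        inside = candidate.is_relative_to(base)      # Python 3.9+
    except AttributeError:                           # older interpreters
        inside = os.path.commonpath([str(base), str(candidate)]) == str(base)
    if not inside or candidate == base:
        raise ValueError(f"path escapes document root: {requested!r}")
    return candidate


# ".." followed by a path separator (or end of string), checked after decoding.
_TRAVERSAL = re.compile(r"\.\.(?:[\\/]|$)")


def is_traversal_attempt(request_target: str) -> bool:
    """Decode twice so single- and double-encoded dots (%2e, %252e) are seen,
    then look for a traversal segment. Mirrors a basic WAF/SIEM signature."""
    decoded = unquote(unquote(request_target))
    return _TRAVERSAL.search(decoded) is not None


# Constructed Common Log Format lines; the addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /download?file=report.pdf HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /download?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1804
203.0.113.9 - - [10/Oct/2023:13:55:38 +0000] "GET /download?file=%252e%252e%252fconfig.php HTTP/1.1" 404 0
"""

_LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP')


def flag_traversal(log_text: str) -> List[Tuple[str, str]]:
    """Return (client_ip, request_target) for every log line whose request
    target contains a traversal pattern."""
    hits = []
    for line in log_text.splitlines():
        m = _LOG_LINE.match(line)
        if m and is_traversal_attempt(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


def demo() -> Dict[str, Tuple[str, str]]:
    """Create a throwaway document root and run both resolvers on the same
    requests. Returns {request: (unsafe_result, safe_result_or_REJECTED)}."""
    root = tempfile.mkdtemp(prefix="docroot-")
    (Path(root) / "report.pdf").write_text("constructed sample file")
    results = {}
    for req in ("report.pdf", "../../../etc/passwd", "/etc/passwd"):
        unsafe = resolve_unsafe(root, req)
        try:
            safe = str(resolve_safe(root, req))
        except ValueError:
            safe = "REJECTED"
        results[req] = (unsafe, safe)
    return results


if __name__ == "__main__":
    for req, (unsafe, safe) in demo().items():
        print(f"{req!r:26} unsafe -> {unsafe:24} safe -> {safe}")
    for ip, target in flag_traversal(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {target}")
```

The hardening hinges on ordering: canonicalise with `resolve()` before comparing against the root, because a prefix check on the raw joined string is defeated by `..` and by absolute inputs. The detector decodes twice because double-encoded dots are a common way to slip past a single-decode filter; a real rule would also decode UTF-8 overlong forms and apply per-client rate thresholds.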