Akamai Prevents the Largest DDoS Attack on a U.S. Financial Company
The shock-and-awe attacks continue into 2023
On September 5, 2023, at approximately 19:31 UTC, Akamai Prolexic, our distributed denial-of-service (DDoS) defense platform, successfully detected and prevented the largest DDoS attack directed at one of the biggest and most influential U.S. financial institutions on the Prolexic platform. Cybercriminals used a combination of ACK, PUSH, RESET, and SYN flood attack vectors, peaking at 633.7 gigabits per second (Gbps) and 55.1 million packets per second (Mpps). The attack was sharp but lasted for less than 2 minutes, and was proactively mitigated by our customer’s comprehensive cyberdefense posture.
Over the past 18 months, the Prolexic DDoS protection platform has repeatedly protected customers across Europe and Asia-Pacific from record-breaking DDoS attacks. In September 2022, Akamai successfully detected and mitigated the now-largest DDoS attack ever launched against a European customer on the Prolexic platform, with attack traffic abruptly spiking to 704.8 Mpps in an aggressive attempt to cripple the organization’s business operations. Similarly, in February 2023, Akamai mitigated the largest DDoS attack ever launched against a Prolexic customer based in Asia-Pacific, with attack traffic peaking at 900.1 Gbps and 158.2 Mpps.
Breaking down the attack
Figure 1 showcases the comparative distribution of peacetime traffic and attack traffic for the financial institution. During peacetime, almost all the legitimate traffic for the U.S. company originates from the United States.
Fig. 1: The comparative distribution of peacetime traffic and attack traffic, cumulative over a 24-hour period that contains the attack period.
During the attack, the top 10 sources for the targeted malicious traffic originated from Bulgaria, Brazil, China, India, United States, Thailand, Russia, Ukraine, Vietnam, and Japan. Note that during the attack, the traffic from the United States was more than double the volume of peacetime traffic originating from the country.
Attacking the financial backbone of an economy
DDoS attacks are not a happenstance event. These are targeted and motivated attacks with the intent to cripple an organization’s or institution’s operations. In recent years, DDoS attacks have also become convenient, relatively inexpensive, and easy-to-use cyberattack smokescreens for triple extortion ransomware attacks. Financial institutions are a key pillar of an economy, and targeting such businesses often has a larger impact on the overall economy.
Historically, approximately 10% to 15% of the DDoS attacks observed by Akamai have been aimed at customers in the financial services industry. However, since 2021, there has been a distinct and noticeable surge in the number of DDoS attacks against customers in this industry vertical (Figure 2). In fact, over the past four quarters, more than 30% of the DDoS attacks have been aimed at financial services companies. It is a marked shift in the DDoS attack patterns observed by Akamai. Traditionally, companies in the software/tech, gaming, media/entertainment and internet/telecom industries were the ones hit with record-breaking DDoS attacks.
Fig. 2: A notable surge in the number of DDoS attacks targeting financial services companies
A significant trend that Akamai has observed in recent times is the rise in deeper reconnaissance threats and increased attacks on vulnerable assets of customers. However, the latest DDoS attack that not only targeted a major US-based global financial institution, but also went directly after their primary web landing page with an intent to disrupt online banking, is an outlier to those recent trends.
We have some great relationships with most of the major financial institutions and they tend to see a multitude of serious cyberattacks. This attack was rare because of its scale. We remain vigilant to see if the trend continues. Ultimately, this really drives home the need for a robust and flexible platform with full technical capabilities supported by world-class security professionals."
— Sean Lyons, SVP and GM, Infrastructure Security, Akamai
No collateral damage
There was no collateral damage or service degradation for our customer, thanks to a proactive defense posture set up in partnership with our global security and operational command center.
In the wake of heightened operational risk, having a proven DDoS mitigation strategy is imperative to allow online businesses to thrive. To stay ahead of the latest threats, utilize the following guidance.
Guidance on minimizing risks from DDoS attacks
Immediately review and implement Cybersecurity and Infrastructure Security Agency (CISA) recommendations.
Review critical subnets and IP spaces, and ensure that they have mitigation controls in place.
Deploy DDoS security controls in an always-on mitigation posture as a first layer of defense to avoid an emergency integration scenario and to reduce the burden on incident responders. If you don’t have a trusted and proven cloud-based provider, get one now.
Extend your security posture beyond basic DDoS protection by setting up proactive security controls through a network cloud firewall. A firewall outside your firewalls is a powerful, easy-to-deploy, and easy-to-use tool to quickly, centrally, and globally block traffic that you don’t want hitting your networks or certain targets within your networks.
Proactively pull together a crisis response team and ensure runbooks and incident response plans are up-to-date:
Do you have a runbook to deal with catastrophic events?
Are the contacts within the playbooks updated? (A playbook that references outdated tech assets or people who have long left the company isn’t going to help.)
Under attack?
If you are currently under DDoS attack or threat of extortion, please reach out for 24/7 emergency DDoS protection.
Learn more
Want to learn more about the evolution and growing threat of DDoS attacks? Schedule a custom threat briefing with an Akamai expert to help you identify if you’re at risk.
