The number of authentication and distributed denial of service (DDoS) attacks against financial services organisations has risen substantially, according to new figures from F5 Labs.
Examining security incident response (SIRT) data collected by its clients - which include banks, credit unions, brokers, insurance and more - the firm found brute force and credential stuffing accounted for 42 percent of all attacks in 2019, up from 37 percent in 2017.
The results also varied by region, with brute force attacks taking up 20 percent of all attacks in EMEA, versus 64 percent in North America - driven, according to the report, by the region's large volume of already breached credentials.
DDoS, meanwhile, makes up 32 percent of all reported incidents between 2017 and 2019, and is referred to by F5 Labs as the “fastest growing threat”.
The report claims cybercriminals use DDoS attacks to assault two primary targets: core services used by customers (e.g. DNS) and applications that allow users to access online services.
For Raymond Pompon, Director at F5 Labs, the best way to combat these threat types is to nip them in the bud.
“Early detection is key. If defenders can identify an increase in failed login attempts over a short period of time, it gives them a window of opportunity to act before customers are affected," he said.
“The ability to quickly identify the characteristics of traffic when under attack conditions is critically important. It is also vital to quickly enable in-depth logging for application services in order to identify unusual queries.”