Joint report reveals rise in sophisticated, persistent DDoS attacks threatening trust and resilience across Asia Pacific’s financial sector
FS-ISAC, the member-driven global cyber intelligence sharing community for financial services, and Akamai Technologies, Inc. (NASDAQ: AKAM), a global leader in cybersecurity and cloud computing, have jointly released a new report detailing a meteoric rise in distributed denial-of-service (DDoS) attacks across the Asia-Pacific (APAC) region, with financial institutions being the primary target.
According to the 2025 edition of From Nuisance to Strategic Threat: DDoS Attacks Against the Financial Sector, financial services firms in APAC accounted for 38% of all volumetric Layer 3 and 4 DDoS attacks last year, a significant 245% spike from just 11% in 2023. These attacks increasingly threaten operational continuity and customer trust in the region, as threat actors escalate focus on APAC’s rapidly digitalising financial sector.
“DDoS attacks are becoming increasingly sophisticated, evolving from simple network flooding to targeted, multi-dimensional assaults that exploit intricate vulnerabilities across the entire supply chain,” said Teresa Walsh, FS-ISAC’s Chief Intelligence Officer and Managing Director, EMEA.
“As threat tactics continue to evolve — including those impacting APAC’s increasingly digital financial systems — we must ensure our technical defenses evolve and our people, tools, and processes work seamlessly together. It is critical that we harden our infrastructure and foster a culture of continuous vigilance and collaboration to protect continuity and customer trust.”
Key regional findings from the report include: Sustained DDoS campaigns in Q4 2024 impacted over 20 institutions in six countries, with the attacks likely launched by the same threat actor or hacker group While the individual attacks were not exceptionally large, the sustained campaigns were persistent and continuous in nature, and this is a trend that was not seen in APAC before.
APAC’s unprecedented wave of DDoS attacks in Q4 2024 targeted multiple financial services segments, including retail, payment processing, investment banking, financial governmental institutions, and more. Layer 7 (application-level) attacks in APAC grew significantly, with the financial services sector being the most targeted. The growth is attributed to the increasing adoption of APIs, which introduced a broader attack surface for bad actors.
The report also attributed the surge in attacks to multiple factors, including rising geopolitical tensions across the Asia-Pacific region and beyond, and the proliferation of DDoS-for-Hire platforms, which make such tools more accessible to threat actors motivated by malicious intent.
“DDoS attacks in APAC are no longer blunt-force attempts, but sophisticated multi-vector campaigns that exploit vulnerable systems and exposed APIs,” said Reuben Koh, Director of Security Technology & Strategy, APJ at Akamai.
“As highly coveted target sectors like financial services, commerce, and manufacturing accelerate digital growth, these continuous attacks pose growing operational and reputational risks, and organizations must work with trusted cybersecurity partners who can provide the intelligence, scalability, and agility needed to defend themselves in today’s threat landscape.
Similar Trends Across the World The observations in APAC align with the report’s global findings, which state that over one-third (37%) of all Layer 3 and 4 DDoS attacks in 2024 were against financial services, followed by gaming at 20% and manufacturing at 17%. This marks the second consecutive year that the financial sector was the leading target for such attacks, and it was the only industry to experience a major spike in DDoS attacks in 2024.
The rise in DDoS attack frequency is also closely tied to ongoing geopolitical tensions, notably the Israel-Hamas and Russia-Ukraine conflicts, which have spurred a surge in ideologically driven hacktivism. Attribution is also becoming harder as the lines blur between DDoS-for-Hire groups, hacktivists, and state-sponsored actors.
Modernizing Defenses in a Fragmented Cyber Landscape The Nuisance to Strategic Threat: DDoS Attacks Against the Financial Sector report also highlighted the benefits for financial institutions adopting the FS-ISAC and Akamai-developed DDoS Maturity Model, a scalable framework designed to benchmark readiness and guide investment in defense strategies. It underlines the urgent need for organisations to consider: Real-time behavioral analytics and traffic baselining; Threat intelligence-led automation of detection and mitigation; Strengthening DNS and API security through continuous testing and hardening; Geo-IP filtering to cut exposure from high-risk regions.
From Nuisance to Strategic Threat: DDoS Attacks Against the Financial Sector contains regional data, a profile of top hacktivist groups, and an overview of best cyber hygiene practices. In addition, the report includes a section on mitigation strategies.
Most notably, it recommends following a DDoS Maturity Model — jointly developed by FS-ISAC and Akamai, which helps institutions map their specific capabilities and practices to assess their ability to withstand DDoS attacks. This provides a structured approach that outlines different stages of maturity.
The collaboration on this report stems from Akamai’s foundational participation in FS-ISAC’s Critical Providers Program, which was launched in 2022 to bolster the financial sector’s supply chain security.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter |The Mainstream formerly known as CIO News Whatsapp Channel | The Mainstream formerly known as CIO News Instagram
About us:
The Mainstream formerly known as CIO News is a premier platform dedicated to delivering latest news, updates, and insights from the tech industry. With its strong foundation of intellectual property and thought leadership, the platform is well-positioned to stay ahead of the curve and lead conversations about how technology shapes our world. From its early days as CIO News to its rebranding as The Mainstream on November 28, 2024, it has been expanding its global reach, targeting key markets in the Middle East & Africa, ASEAN, the USA, and the UK. The Mainstream is a vision to put technology at the center of every conversation, inspiring professionals and organizations to embrace the future of tech.
