Heather Oliver is a Technical Writer for Constellix and DNS Made Easy, subsidiaries of Tiggee LLC. She’s fascinated by technology and loves adding a little spark to complex topics. Want to connect? Find her on LinkedIn.
https://www.linkedin.com/in/heather-oliver
The world is becoming more digitized each year. Organizations and individuals are increasingly reliant on the web for all aspects of life. The financial sector plays a large part in this digital surge. Nearly 2 billion consumers currently use online banking worldwide and it’s predicted that usage will rise to at least 2.5 billion by 2024. Considering evolving consumer and business behaviors, it is pivotal for banks and financial firms to provide secure services at all times. Because of this, financial institutions are prime targets for cyber attacks.
One of the most popular strikes against this industry is the DDoS attack. In this blog, you’ll learn all about DDoS attacks and the DNS solutions that can help businesses in the finance sector prevent these “blights” of the internet.
A distributed denial-of-service (DDoS) attack is a cyber threat that prevents legitimate web traffic from accessing a domain or network, and eventually, renders the system inoperable. This is usually carried out through DNS servers, but attacks can also be directed at internal systems and applications.
To implement such an attack, cybercriminals assemble what is called a botnet. A botnet typically comprises hundreds to thousands of hacked devices (also called zombies). Once a hacker is ready to start the attack, the devices are remotely instructed to flood a specific server or network. This added traffic, along with regular visitors, causes the network to become overloaded and unable to handle the “traffic jam.”
Financial institutions are prime targets for a DDoS attack. As monetary gain is often a motivating factor, the volume of personal and sensitive information held by banks is enticing. Not only can institutions be extorted for large sums of money to cease an attack, but criminals can steal customer and employee credentials and sell them. While DDoS attacks themselves won’t breach customer data, they are often used as a distraction for the ultimate goal of the hacktivist. When networks are down, it’s easier to exploit vulnerabilities in internal systems. Money isn’t the only thing that drives cybercriminals. Many attacks are motivated by grudges or politics.
In the first quarter of 2021, financial institutions experienced a 30% increase in DDoS attacks worldwide. In a recent analysis, F5 Labs reported that network volumetric attacks accounted for 40% of DoS-type attacks directed at banks, while 20% were aimed at the DNS providers hosting them. To make matters worse, as technology advances, so do the methods by which hackers are able to carry out digital assaults. Ignoring such threats is costly and a major security issue.
There is no denying how reliant the world has become on the internet. Banking, work, school, shopping, medical care, and play have all seen a huge spike in online dependence since the beginning of the Covid pandemic. But web usage has been trending for years and is unlikely to slow down.
Because of this reliance on the web, it is critical for banking and financial firms to stay online 100% of the time. Without access to accounts, consumers and businesses suffer, even if it’s just for a brief period of time. To add insult to injury, the cost to your organization can be tremendous. A single minute of downtime can cost businesses as much as $5,600. Considering that a DDoS attack lasts about four hours on average, the costs could skyrocket into the millions when you factor in the cost of mitigation, loss of staff productivity, and damage to brand reputation. People may have short attention spans online, but they have long memories.
As if a four-hour assault isn’t bad enough, DDoS attacks are predicted to start lasting longer—up to 10 days. Such an attack could have devastating effects on banking institutions and their customers.
Approximately 100 financial firms were hit with DDoS attacks in 2020. The targets included banks, credit card companies, payroll services, insurance firms, and more. And unfortunately, distributed denial-of-service attacks are growing every year. In June of 2021, German cooperative banks were hit by a major attack that impacted more than 800 banks. The now infamous 2012 six-bank takedown, which included Bank of America, JPMorgan Chase, U.S. Bank, PNC Bank, and Wells Fargo, still stands as a dire example of how at risk the financial industry is to DDoS threats.
DDoS attacks aren’t the only outage-related issue that is troublesome for the finance industry. DNS and Cloud provider outages are also cause for concern. The most recent events that caused websites, including global banks, to go dark include:
In June of 2021, Akamai suffered from an outage that affected major airlines and Australian banks due to errors in internal routing tables. About a month later, Akamai experienced another large-scale outage due to issues with their Edge DNS services.
Amazon and its DNS service, Route 53, have a lengthy history of outages, dating back to 2008 and recurring nearly every year into 2021, including the company’s Photo service outage in May.
In May of 2021, UltraDNS experienced problems with authoritative DNS resolution, causing a blackout for top domains all over the world. Another notable UltraDNS outage occurred in 2015 due to a DDoS attack.
Fastly, another major CDN provider, took down a large chunk of the internet in June of 2021 due to a software bug. This disruption affected top domains such as Amazon, Hulu, CNN, Twitch, USA Today, and more.
While this isn’t an exhaustive list, it certainly makes the case for redundancy and preventive measures for domains in the financial sector.
Luckily, there are signs of an imminent DDoS attack. Before an attack is fully underway, there are typically large query spikes that can alert IT teams of the threat in time to take precautionary measures. Once an attack has started to gain traction, you often start seeing increased response times for websites and applications, which is a warning signal that something is wrong. By the time you start hearing customer complaints about loss of service, it may be too late, so preventative strategies are key.
With 20% of attacks against the financial industry being directed toward DNS providers, it’s critical that your DNS services include a means of preventing and quickly shutting down the threat before it leads to an outage. Below are some proven solutions that can be implemented on the DNS level.
Primary/Primary functions like traditional Secondary DNS except in this configuration, you have two dedicated resources answering queries. This option allows for advanced customization as well as the ability to bypass certain RFC rules by creating API calls. Primary/Primary will also provide your domain with faster and more accurate query routing.
One thing to keep in mind is that this option can become tedious if your network requires frequent updates; however, the added performance boost and peace of mind make it well worth it. Having Primary/Primary is especially beneficial for protecting domains and applications in the event of a DDoS or DNS-related provider outage as you will have two providers.
Did you know?: When you use Primary/Primary at Constellix, the “secondary” service is automatically updated via API calls. Unlike many other providers, changes are forwarded to the secondary any time a record is changed in the primary configuration.
Analytics isn’t just for SEO. DNS analytics can be a powerful tool in preventing DoS- and DNS-related attacks. When shopping for a primary or secondary provider, don’t neglect to investigate whether or not they offer detailed query statistics and analytics. This feature can not only help you optimize your domain’s web traffic but can help you pinpoint DNS misconfigurations and identify threats against your network.
Did you know?: Constellix and sister company DNS Made Easy provide the most advanced analytics in the industry. Our query logs and statistics give domains a high-level, detailed view of query usage, including historical traffic pattern data.
While there are DDoS mitigation companies, this typically requires another vendor and can become a costly addition to your domain’s preventative strategy. But there are preventative services at the DNS level if you choose the right provider. For instance, Constellix offers a monitoring system that can be integrated into your DNS: Real-time Traffic Anomaly Detection (RTTAD). Using machine-learning AI, RTTAD continuously analyzes your web traffic and sends instant alerts to IT teams when unusual activity is detected. This type of monitoring lets teams investigate activity and determine whether it’s a potential threat and take any necessary steps to avoid downtime.
With IP filtering, you can quickly create a firewall for your network at the DNS level. If IT administrators notice suspicious activity that is causing large query spikes, they can set up filters that instruct resolvers to drop queries based on geographic location, IP address, Autonomous System Number (ASN), or EDNS client subnet. This will effectively block the malicious or unwanted traffic and prevent a full-blown DDoS attack before it can cripple your system. This feature is exceptionally powerful when paired with a strong monitoring and analytics solution.
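To make the query-spike warning sign and the filtering step concrete, here is an added example (not code from Constellix or from the original post) that buckets DNS queries per minute, flags a minute that far exceeds the recent baseline, and lists the source prefixes that dominate it as candidates for a filter. The log format, thresholds, and function names are assumptions, and the sample log is constructed from documentation address ranges.

```python
import ipaddress
from collections import Counter, defaultdict
from statistics import mean

T0 = 1_700_000_040  # constructed start time (epoch seconds, minute-aligned)

def sample_log():
    """Constructed log, '<epoch> <client_ip> <qname>' per line (hypothetical format)."""
    lines = []
    for minute in range(7):  # steady background: 20 queries per minute
        for i in range(20):
            lines.append(f"{T0 + minute * 60 + i * 3} 198.51.100.{i + 1} www.bank.example")
    for i in range(200):  # burst in the 7th minute from one documentation-range /24
        lines.append(f"{T0 + 360 + i % 60} 203.0.113.{i % 250 + 1} www.bank.example")
    return lines

def find_spikes(lines, bucket=60, baseline=5, factor=3.0, min_queries=50, share=0.25):
    """Return [(bucket_start, query_count, [(prefix, count), ...])] for spike buckets."""
    counts, sources = Counter(), defaultdict(Counter)
    for line in lines:
        ts, ip, _qname = line.split()
        start = int(ts) - int(ts) % bucket
        addr = ipaddress.ip_address(ip)
        # Aggregate sources to /24 (IPv4) or /48 (IPv6) so a filter covers the whole range.
        net = ipaddress.ip_network(f"{addr}/{24 if addr.version == 4 else 48}", strict=False)
        counts[start] += 1
        sources[start][net] += 1
    spikes, history = [], []
    for start in range(min(counts), max(counts) + bucket, bucket):
        n = counts.get(start, 0)
        if len(history) >= baseline:
            base = max(mean(history[-baseline:]), 1)
            if n >= min_queries and n > factor * base:
                # Keep only prefixes that carry a large share of the spike.
                cands = [(str(p), c) for p, c in sources[start].most_common(3)
                         if c / n >= share]
                spikes.append((start, n, cands))
                continue  # spike buckets are kept out of the baseline
        history.append(n)
    return spikes

if __name__ == "__main__":
    for start, n, cands in find_spikes(sample_log()):
        print(start, n, cands)
```

The addresses an authoritative server sees usually belong to recursive resolvers, and UDP sources can be spoofed, so review the candidate prefixes before turning them into a filter.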
As financial institutions are at high risk for DDoS attacks and other related threats, it’s imperative that the right preventative measures are in place to ensure consumers have uninterrupted access to critical systems. Outages from attacks are costly and can be catastrophic to your brand. Fortunately, there are solutions at the DNS level that can prevent and mitigate threats.
If you found this useful, why not share it? If there’s a topic you’d like to know more about, reach out and let me know. I’d love to hear your thoughts!