Smarter Payments

Deep Dive: The Growing Threat Of DDoS Attacks

DDoS attacks are among the most serious cyberthreats. During these events, multiple compromised computer systems launch attacks on one or several parts of an organization’s infrastructure. The following Deep Dive examines how DDoS attacks work, the toll they can take on FIs and the steps banks can implement to guard against future threats.

Interconnectivity among FIs aims to promote greater collaboration and competition in the financial services marketplace, with the ultimate goal of providing better services, products and options to consumers. As these FIs work closely together, though, they might also find themselves vulnerable to cyberthreats.

A DDoS attack is among the most serious of these threats. Multiple compromised computer systems launch attacks on one or several parts of an organization’s infrastructure during a DDoS event, and that can include a server, website or other type of resource.

One of the worst attacks on record — by some accounts — occurred earlier this year. Web hosting solutions provider GitHub recently reported it had experienced an attack at a rate of 1.35 terabytes per second (Tbps), beating the previous record of 1.1Tbps.

Web hosting services like GitHub are not the only ones to experience DDoS attacks, however. Financial services companies around the globe have also been targeted in the past decade, including Bank of America, Wells Fargo, Capital One, HSBC and non-bank financial companies like PayPal. These attacks are estimated to have cost affected FIs $100,000 per hour of disruption.

The DDoS threat is likely to increase as cybercriminals become more sophisticated. The following Deep Dive examines how they work, the toll they can take on FIs and the steps banks can implement to guard against future DDoS threats.

The growing danger of DDoS attacks

A computer or connected device becomes compromised by malware during a DDoS event. The malware turns the infected devices into bots that can be used to perpetuate the malicious cyber event.

There are several avenues through which a DDoS attack can wreak havoc on an organization. It could result in an HTTP flood, for example, which sees a large number of HTTP requests overwhelm a server. Protocol attacks, on the other hand, interrupt service by diverting resources away from firewalls, load balancers and other solutions that organize traffic across servers.

Recent research indicates DDoS threats are on track to become even greater and more sophisticated in coming years. They can exceed 1,000 gigabytes per second (Gbps), too, as the bots involved have grown more effective.

A 2016 attack by the Mirai botnet on online infrastructure services provider Dyn DNS — currently known as Oracle DYN — resulted in a massive flood of domain name server (DNS) queries across tens of millions of internet protocol (IP) addresses. The attack reached 400,000 bots and disrupted services to major companies, including Amazon, Netflix, Reddit, Spotify, Tumblr and Twitter.

There was good news when GitHub was hit earlier this year, though: It thwarted the attack in roughly 20 minutes. The event offered insights into the potential dangers to come, however. Unlike the Dyn attack, which reached its peak at 1.2Tbps of data, the GitHub attack reached 1.35Tbps. A few days later, another struck an unnamed U.S. service provider at a rate of 1.7Tbps.

Preparing for the worst

With the threat of DDoS attacks increasing — especially as attackers become more sophisticated and banks become more dependent on third-party providers (TPPs), interconnected platforms and web-based systems — banks, companies and governments alike now consider cybersecurity a top concern. Several players around the globe are now helping companies to prepare for DDoS and other types of cyberthreats.

For example, Global Data Protection Regulations (GDPR) went live in Europe in May, requiring firms to implement a data handling strategy that meets a regulated level of oversight in terms of how they handle private data. Companies that operate in Europe are also required to have notification protocols in place in case of a data breach, and each region has been assigned data protection authorities (DPAs) to conduct investigations or impose fines to enforce the measure.

As more banks and FIs collaborate on improved services for consumers, they are also encouraged to carefully monitor the partners with which they engage. Recent research finds consumers expect their banks and retailers to take stronger precautions, with a 2017 survey from Consumer Payment Card Data Security Perceptions noting 82 percent of respondents feel “banks, retailers and other organizations involved in the credit/debit card industry need to do more to protect their personal card data.”

The takeaway from this survey is clear: Consumers want FIs and retailers to do more to protect their data as cyber pressures mount. This means organizations must invest in securing their networks, software, hardware and any other resource involved in the transmission and exchange of personal data or financial information.

A growing rate of collaboration is helping to make payments smarter, but FIs and retailers must still take the appropriate precautions to keep payments safe — especially given the havoc a DDoS attack can wreak.


