DDoS Attacks on UK Firms Surge During Ukraine War

  • The volume of DDoS attacks against UK financial institutions surged during the first few months of the Ukraine war, according to new Freedom of Information (FoI) data obtained from the industry regulator.

    The Financial Conduct Authority (FCA) revealed to Picus Security that there have been 14 DDoS attack so far in 2022, versus just five in the whole of 2021.

    More tellingly, there were no DDoS attempts on UK finance firms at all this year until March, when four struck. June was the biggest month in the first half of the year, with five attacks recorded.

    Russia invaded Ukraine on February 24, 2022.

    Given the finance sector’s important role as critical national infrastructure, Picus Security believes these attacks were the result of state-sponsored and hacktivist operations. A reported increase in DDoS-for-hire websites in the same time period may have helped the latter, the vendor claimed.

    However, the surge in attacks could also partly be explained by ransomware actors using DDoS as a tertiary extortion tactic, Picus Security said.

    Interestingly, the increase in DDoS occurred even as overall attacks fell year-on-year. There were 55 reports of “material” cyber incidents in the first half of 2022, down 25% from the 73 reported in H1 2021.

    The number of these incidents in the first six months of 2022 involving malware and phishing decreased 75% and 50% respectively, versus the same period in 2021.

    Material incidents are defined by the FCA as those that cause significant loss of data or control of IT systems, impact a large number of victims, and/or result in unauthorized access and malware deployment.

    “UK financial institutions are in the crossfire of the ongoing war between Russia and Ukraine and have become a direct target for nation-state attackers and hacktivists seeking to disrupt Ukraine’s allies,” said Picus Security co-founder, Suleyman Ozarslan.

    “While it’s encouraging that financial firms reported fewer cyber incidents in the first half of 2022 than they did during the equivalent period in 2021 there is no time for complacency. As threats evolve, financial institutions must continue to proactively harden their defenses. This includes validating that security controls and processes provide protection against the latest risks.”