金融行业的 DDoS 攻击情况：威胁与抵御措施 | Akamai

June 2025 Contents Executive Summary3DDoS Trends: Volumetric and Application Layer Attacks4 Volumetric Attacks on the Rise4Application Layer: The Growing Threat to APIs and Web Applications5 Regional Overview8Notable DDoS Attacks in 20249 Notable DDoS Threat Actors10Proactive Approaches to Mitigation11DDoS Maturity Model12References and Resources16 Appendix A: Difference between Volumetric & Application Layer DDoS Attacks16Appendix B: DDoS Maturity Model17Appendix C: Fundamentals of Cyber Hygiene for DDoS18Appendix D: DDoS Protection Services Criteria19 Executive Summary The financial services sector is a prime target for distributed denial-of-service (DDoS) attacks. These attacksdisrupt interactions between customers and their financial services providers by slowing or shutting downcustomer-facing websites and applications. Some attacks disrupt interactions between financial firms andthird-party service providers, and even their employees, by preventing access and communication. While themotivations for DDoS attacks vary, the risks of operational downtime and reputational harm can impact theirtargets and cause an erosion of trust in the security of the company. Today’s DDoS attacks aren’t just simple traffic floods. Sophisticated threat actors are launching precision-targeted, multi-dimensional assault strategies that exploit complex vulnerabilities in financial services’cybersecurity. To help executives prepare for this new level of threat, this report provides: >Analysis of the current DDoS threat landscape, including dominant attack types and threat actors>Our new DDoS Maturity Model — a structured framework to help firms evaluate their capabilities andmap them to current DDoS threats>Fundamental cyber practices for managing DDoS threats, applicable to firms at all levels of maturity,and a guide to selecting DDoS mitigation providers DDoS attacks will remain a favored tactic due to their low barrier to entry, high impact, and built-in anonymity.The sector’s expanding attack surface offers attackers more opportunities — and today’s DDoS attacks aresmarter, more persistent, and better tailored to victims’ business models than in past years. As the threat landscape evolves and the risks to financial services operations, profitability, and reputationsincrease, the sector must recognize that DDoS attacks are much more than a nuisance — they’re a strategicthreat. The data in this report is sourced from Akamai and FS-ISAC members. See the trajectory of DDoS attack trends with the 2023 and 2024 FS-ISAC/Akamai reports. Read here↗ FS-ISAC members will also have access to upcoming technical guidance on increasing DDoS maturity. DDoS Trends: Volumetric and Application Layer Attacks The financial services sector is at increasing risk from two types of attack across firms'technology stack:volumetric and application layer. See Appendix A for more information on these attacks. Volumetric Attacks on the Rise Volumetric DDoSAttacks The financial services sector was the world’s top target in 2023 and2024 for volumetric DDoS attacks. Volumetricattacks sendenormous volumes of traffic— hence, the term volumetric— to overwhelm the capacityof the targeted server ornetwork and cause it to slowdown or fail. Campaigns range from opportunistic traffic floods to precise andvery sophisticated attacks, and the motivation is not always known. Akamai’s volumetric DDoS attack data shows tracking of each attackagainst a company as an event. Each event can include hundreds,millions, or billions of individual malicious requests. Those requestsare combined into a single volumetric attack event. As the graph,volumetric attacks on the financial services sector have beenincreasing for several years. The financial sector experienced a major spike in volumetric attacks in October 2024, according to Akamai’sdata. FS-ISAC members began reporting more DDoS attacks at the same time. Many of the reported attacksshared overlapping attack vectors, suggesting that the threat actors are (a) the same, (b) collaborating, and/or (c) relying on common infrastructure or DDoS-as-a-Service providers. Overall, FS-ISAC members reportedlimited impact in most cases. The frequency of DDoS events does not always reflect their severity and attack intensity – substantial spikeswere recorded during periods of otherwise minimal DDoS activity. This highlights the importance of evaluatingboth the number of incidents and the scale of traffic to fully understand the impact and risk of DDoS attacks. Overall, technological advancements have dramatically increased the power and capabilities of DDoS attackers.Today's bandwidth and computational resources enable the launch of adaptable, powerful, and cost-effectiveDDoS attacks. Many threat actors deploy virtual machine (VM) botnets to conduct attacks more efficientlyby harnessing computational resources across numerous VMs and Internet of Things (IoT) devices. Thisapproach exploits the distributed natu