More than 100 Financial Services Firms Hit with DDoS Extortion Attacks

February 10, 2021 - 04:23
More than 100 Financial Services Firms Hit with DDoS Extortion Attacks

Industry-Wide Cross Border Cyber Intelligence Sharing Mitigated Impact


SINGAPORE - Media Outreach - 10 February 2021 - FS-ISAC,the only global cyber intelligence sharing community solely focused onfinancial services, announced today that last year, more than 100 financialservices firms were targets of a wave of Distributed Denial of Service (DDoS)extortion attacks conducted by the same threat actor. The criminals sentextortion notes threatening to disrupt the firms' websites and digitalservices. The threat actor methodically moved across jurisdictions in Europe,North America, Latin America, and Asia Pacific, hitting dozens of institutionswithin weeks. They targeted the full gamut of financial services companies:banks, fintechs, exchanges, card issuers, payments companies, insurancecompanies, credit bureaus, asset managers, money transfer companies, andpayroll companies. 


DDoS Attacks by Sub-Vertical

  1. Retail Banking


  1. Exchange


  1. Payments


  1. Securities & Investments             


  1. Insurance


  1. Critical Utility


  1. Credit Reporting Agency and Ratings


  1. Core Back Office Supplier



DDoS Attacks by Region

  1. North America (Us, Canada)


  1. Europe, UK, Middle East & Africa


  1. Asia


  1. Latin America



FS-ISAC credits its members' willingness to share cyberintelligence with mitigating the impact and threat for the financial servicesindustry. Members were able to keep up with the rapid pace of attacks using theFS-ISAC Intelligence Exchange's secure chat and intelligence sharingcapabilities, which enables industry collaboration and discussion in realtime. 

To increase industry-wide cross-border cyber intelligencesharing, FS-ISAC launched the GlobalLeaders award program.This is a company effort to elevate the profiles of members in thefinancial services community who actively share cyber intelligence and bestpractices across borders. 

"Today's cyber criminals know no borders. An attack on abank in Asia could be a harbinger for an attack on an insurance company in theUS, a stock exchange in Latin America, or a fintech in Europe," said Teresa Walsh, Global Head of Intelligenceat FS-ISAC. "This wave of attacks has shown how critical global cyberintelligence sharing is. Members sharing specific details of attacks enableother members to prepare and defend against them, lowering the return oninvestment for threat actors. Our Global Leaders program builds on thesenetwork effects by elevating those who share to benefit the entire community."

The attacks have slowed but the recent boom incryptocurrencies such as bitcoin, which cyber criminals use to demand payment,could incentivize other attacks.

"In 2021, we have already seen new cyber threats in the formof supply chain attacks, which we can expect to proliferate and evolve quickly.The only way to stay ahead of these ever more sophisticated threat actors is tocollaborate," said Jerry Perullo, CISOat ICE/NYSE and FS-ISAC Chairman of the Board. "Now more than ever, we needGlobal Leaders to model what effective sharing looks like to the rest of ourcommunity as well as the industry at large."

To learn more about the Global Leaders program visit


TheFinancial Services Information Sharing and Analysis Center (FS-ISAC) is theonly global cyber intelligence sharing community solely focused on financialservices. Serving financial institutions and in turn their customers, theorganization leverages its intelligence platform, resiliency resources, and atrusted peer-to-peer network of experts to anticipate, mitigate and respond tocyber threats. Headquartered in the United States, the organization has officesin the United Kingdom and Singapore, and members in more than 70 countries. Tolearn more, visit