European banks are scaling-up their IT network defenses against a surge in data breaches and Distributed Denial of Service (DDoS) cyber attacks. AXA, Nordea, Abn Amro and Banco Santander are among the financial groups targeted by what banks are describing as a “completely different scale” of hostile threat from the cyber domain.
This latest generation of cybercriminals are becoming bolder and more innovative in how they target banks. Hackers are increasingly using browser impersonation techniques to bombard, overload and immobilize banks’ core cybersecurity defenses with the aim of capturing customer assets and critical data.
The leveraging of IP addresses in attacks reinforces the view among cyber defenders that hackers are “compromising” domestic smart appliances like washing machines and refrigerators to create bot networks ahead of cyber strikes against banks’ critical IT infrastructure, said Sara Mella, the Nordea Bank’s Head of Private Customers Nordic.
“It’s probable that home appliances are being turned in to botnets. The time has come to talk about finding solutions to protect household appliances that are connected to the web. The cyber threats we face are on a completely different scale,” Mella said.
Nordea experienced sustained DDoS attacks in September and October that shutdown online customer platforms. The bank claims its cybersecurity defenses repelled up to 90% of the attacks before hackers could overload core IT systems.
Cyber attackers launched 6 million separate DDoS attacks worldwide in the third quarter of 2024, according to research from Cloudflare. That’s 49% higher than the second quarter and 55% higher compared to the same quarter in 2023.
The IT networks of AXA, Dutch bank Abn Amro, and Belgium’s financial sector federation Febelfin recorded hypervolumetric incidents of up to one terrabit per second (tbps), or one billion packets per second, during 2024. The European Central Bank (ECB) will launch the Digital Operational Resilience Act (DORA) on January 17. The initiative will establish a framework to strengthen the European financial sector’s capability to better defend against cyber threats. The DORA will require banks to elevate the importance of relationship-building with critical third parties and buttress their cyber-risk management.
