Targeting financial organisations with DDoS: a multi-sided perspective

Comparing patterns in AmpPot data to experts view on target selection in the financial sector

Abstract

DDoS attacks have become inevitable for financial services, and the threat they pose keeps rising. Numerous studies have focused on the technical aspects since the rise of DDoS amplification attacks. However, there is less understanding of how attackers select targets among financial services. This research uses a mixed-methods approach to capture the factors that influence cybercriminals in their selection of victims. Using data from amplification DDoS honeypots, various factors are identified and explanatory models are provided. In addition, financial cyber security experts are consulted to assess their perspective on target selection. The analysis demonstrates that certain countries have significantly higher or lower numbers of victims, which can partially be explained through country-level factors such as ICT development and Normal GDP Per capita. In addition, ICT development significantly influences the duration of the attack. The findings also indicate that organizational size, as measured by market value, has a limited effect on the number of attacks. In contrast, experts regarded size as a highly influential factor. The analyses furthermore demonstrate that financial organisations incur significantly more attacks on Friday than on any other day. Moreover, the experts mention additional target selection factors such as reputation, media attention, patching, having capable employees, and mitigation parties. Finally, this paper reflects on the implications of these findings for the financial sector and related sectors.