Noteworthy trends: Web attacks on the rise

A noteworthy shift we observed is the ranking of the financial services industry in distributed denial-of-service (DDoS) attacks. This year, the financial services industry ranked first for DDoS attacks while remaining third for web application and API attacks and first for phishing.

For the first time in this report, we broke out financial services into sub-verticals (Figure 1). This deeper examination of web application and API attacks in financial services revealed that banks are bearing the brunt of web attacks (58%), followed by other financial services companies, such as fintech, capital markets, property and casualty insurance, and payment and lending companies (28%).

Insurance companies account for 14% of web application and API traffic within the financial services sub-verticals. These overall increases originate from a surge in publicly available web application vulnerabilities, which are ripe for exploitation and abuse. Our previous SOTI report, Slipping Through the Security Gaps, highlighted how 2022 was a record year for web application and API attacks due to the emergence of critical security flaws like the ProxyNotShell vulnerability (CVE-2022-41040).