Picus Security, a developer of Breach and Attack Simulation (BAS) technology published the cyber incident data obtained from the regulator yesterday.

Obtained through a Freedom of Information (FOI) request, Picus observed a steep rise in DDoS attacks reported to the regulator, with 25% of cyber incidents submitted to the FCA in the first half of 2022 involving DDoS, compared to 4% in 2021.

Picus believes the primary reason for the significant increase in DDoS attacks is UK finance firms being targeted by nation-state attackers and hacktivists during the ongoing Russia-Ukraine conflict. DDoS attacks, including sophisticated ‘carpet-bombing’, are often used against providers of critical infrastructure to disrupt operations and deny access to vital services.

The observed rise in DDoS attacks also coincides with a reported increase in DDoS for hire websites and ransomware operators using DDoS as a tactic to pressure and extort money from targets.

The FOI request also revealed that the FCA received 55 reports of ‘material’ cyber incidents in the first half of 2022, down 25% from 73 in H1 2021. A total of 64% of reported material cyber incidents in H1 2022 were due to cyber-attacks.

At the same time, the number of cyber incidents in H1 2022 involving malware and phishing decreased 75% and 50% respectively, compared to the same period in 2021. Cyber incidents involving ransomware also decreased 63% in H1 2022 compared to the number reported in H1 2021.

Dr Suleyman Ozarslan, Picus Security co-founder and VP of Picus Labs, said: “DDoS attacks are a concern for financial institutions, with their ability to disrupt operations and even bring them down entirely.

“UK financial institutions are in the crossfire of the ongoing war between Russia and Ukraine and have become a direct target for nation-state attackers and hacktivists seeking to disrupt Ukraine’s allies.”

She added: “While it’s encouraging that financial firms reported fewer cyber incidents in the first half of 2022 than they did during the equivalent period in 2021 there is no time for complacency. As threats evolve, financial institutions must continue to proactively harden their defenses. This includes validating that security controls and processes provide protection against the latest risks.”