
Akamai Threat Research: Phishing and Credential Stuffing Attacks Remain Top Threat to Financial Services Organizations and Customers Latest State of The Internet / Security Report Observes 3.5 Billion Malicious Login Attempts Targeting the Financial Services Sector; Illustrates Akamai's Unique Threat Visibility
Cambridge, MA | July 31, 2019
Newly released data from Akamai's 2019 State of the Internet / Security Financial Services Attack Economy Report has found that 50% of all unique organizations impacted by observed phishing domains were from the financial services sector. The data shows that, in addition to unique phishing attempts, adversaries also leveraged credential stuffing attacks to the tune of 3.5 billion attempts during an 18-month period, putting the personal data and banking information of financial services customers at risk.
The report indicates that between December 2, 2018 and May 4, 2019, nearly 200,000 (197,524 to be exact) phishing domains were discovered, and of those domains, 66% targeted consumers directly. When taking the phishing domains targeting consumers only into consideration, 50% of those targeted companies in the financial services industry.
We've seen a steady rise in credential stuffing attacks over the past year, fed in part by a growth in phishing attacks against consumers, said Martin McKeay, Security Researcher at Akamai and Editorial Director of the State of the Internet / Security Report. Criminals supplement existing stolen credential data through phishing, and then one way they make money is by hijacking accounts or reselling the lists they create. We're seeing a whole economy developing to target financial services organizations and their consumers.
Once criminals have succeeded in their schemes, they need to process their ill-gotten data and funds. As Akamais report highlights, one method of dealing with this situation centers on bank drops' - packages of data that can be used to fraudulently open accounts at a given financial institution. Bank drops will typically include a persons stolen identity - often called fullz by criminals online, including name, address, date of birth, Social Security details, drivers license information, and credit score. Secure access to the fraudulent accounts comes via remote desktop servers, which are matched to the geographic location of the bank and the fullz.
Financial institutions continue to investigate the ways in which criminals are opening these drop accounts, and are working diligently to stay ahead of the curve. What most businesses don't realize, however, is that criminals are recycling old attack methods.
Akamai's findings revealed that 94% of observed attacks against the financial services sector came from one of four methods: SQL Injection (SQLi), Local File Inclusion (LFI), Cross-Site Scripting (XSS), and OGNL Java Injection (which accounted for more than 8 million attempts during this reporting period). OGNL Java Injection, made famous due to the Apache Struts vulnerability, continues to be used by attackers years after patches have been issued.
In the financial services industry, criminals have also started launching DDoS attacks as a distraction to conduct credential stuffing attacks or to exploit a web-based vulnerability. Over the course of 18 months, Akamai uncovered more than 800 DDoS attacks against the financial services industry alone.
Attackers are targeting financial services organizations at their weak points: the consumer, web applications and availability, because that's what works, said McKeay. Businesses are becoming better at detecting and defending against these attacks, but point defenses are bound to fail. It requires being able to detect, analyze, and defend against an intelligent criminal who's using multiple different types of tools for a business to protect its customers. For more than twenty years, Akamai has been leveraging its unique visibility into the full spectrum of attacks to help protect customers from these types of ever-evolving nefarious activities.
The criminal economy thrives, in part, because they target the financial services industry. By targeting banks for example, criminals attempt to steal sensitive data, and then turn around and use that same data to open fake accounts and lines of credit. Its a continuous cycle of crime. There is a deep level of irony in the fact that criminals are targeting the very industry they need to survive. While financial institutions are becoming better at detecting these attacks, adversaries continue to find success with old tricks, and that's a problem.
The Akamai 2019 State of the Internet / Security Report is available for download here. For additional information where the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global co
Most recent headlines
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
04/07/2026
April 7 2026, 19:00 (PDT) Detective Conan: Fallen Angel of the Highway Opens in...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
02/05/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
13/04/2026
ToolsOnAir Composition Builder 2026 Boilerplate
More Details: The Composition Builder 2026 application for macOS enables TV stations and Live Event broadcast...
13/04/2026
ToolsOnAr just:live pro 2026 Boilerplate
More Details: just:live pro 2026 is a Multi-Channel Live Production Playout solution for video and static or real-ti...
13/04/2026
ToolsOnAr just:play pro 2026 Boilerplate
More Details: just:play pro 2026 is a Multi-Channel automated 24/7 Master Control playout solution with SD, HD and U...
13/04/2026
ToolsOnAr live:cut 2026 Boilerplate
More Details: live:cut is an option to just:in mac pro 2025 and enables multicamera production workflows for up to 16 cam...
13/04/2026
ToolsOnAir Just In Mac Lite NDI 2026 Boilerplate
More Details: The Just In Mac Lite NDI application is a streamlined media capture solution designed specific...
13/04/2026
ToolsOnAir Just In Mac Lite 2026 Boilerplate
More Details: The Just In Mac Lite application is a streamlined media capture solution designed specifically for...
13/04/2026
ToolsOnAir just:in mac pro 2026 Boilerplate
More Details: just:in mac pro is a macOS-based client-server multichannel capture solution to record SDI, HDMI, N...
13/04/2026
Telos Alliance has announced that J nger Audio has joined the EBU ADM Implementers Group (ADM-IG) as a founding member. The group is focused on advancing ADM an...
13/04/2026
Grass Valley will demonstrate its Alliance Partner ecosystem at NAB Show 2026 (Booth C2408, Central Hall, April 19-22), showing AMPP integrations across live pr...
13/04/2026
Media Links will exhibit at NAB Show 2026 (Booth W2033), demonstrating IP transport solutions for live production including hitless protection technology, Xscen...
13/04/2026
NBC Sports has announced a programming, distribution, and sales partnership with...
13/04/2026
FloSports has promoted Chief Operating Officer Jayar Donlan to President, effective immediately. In his new role, Donlan will lead the company's commercial,...
13/04/2026
PanCam Pictures, the documentary production company founded by Paul Camarata, us...
13/04/2026
Mimir will exhibit at NAB Show 2026 (North Hall, Booth N2850), demonstrating its cloud-native media production platform with new capabilities including Mimir Cu...
13/04/2026
BBright has announced that its IP Gateway now supports the Reliable Internet Stream Transport (RIST) protocol. The addition will be introduced at NAB Show 2026 ...
13/04/2026
Net Insight has been awarded a development project through the European Space Agency's Navigation Innovation and Support Program (NAVISP), with co-funding f...
13/04/2026
intoPIX will exhibit at NAB Show 2026, marking the company's 20th anniversary. The company will demonstrate its JPEG XS compression portfolio and IPMX-appro...
13/04/2026
Starting from scratch, the team built an in-house content platform comprising ga...
13/04/2026
Here's a look at some of the new products and updates, along with audio-centric conferences, that attendees will find next week at the show
When the 2026 N...
13/04/2026
Avid will launch new integrated newsroom capabilities for Avid for News at NAB Show 2026 (Booth N2226, April 18-22), demonstrating how Avid Content Core connect...
13/04/2026
Synamedia has announced a new version of Quortex PowerVu, an IP-native, software...
13/04/2026
Mediaproxy has developed a suite of AI-powered tools for brand and advertisement tracking, integrated into its LogServer compliance logging and analysis platfor...
13/04/2026
Disguise will demonstrate its media servers and software at NAB Show 2026, appearing across five partner booths in Central Hall: MRMC, B&H, Planar, CarbonBlack,...
13/04/2026
OpenDrives is introducing OpenDrives Edge at NAB Show 2026, a hybrid cloud-edge performance accelerator for distributed video and rich media workflows. The prod...
13/04/2026
The show will deploy 18 cameras across two sets and the draft floor, including a...
13/04/2026
Intuitive EQ plug-in gets an upgrade
Following its official launch back in February 2026, Musik Hack's intuitive EQ plug-in has been treated to its firs...
13/04/2026
Flagship soft synth collection expanded
The latest version of UVI's flagship vintage-inspired soft synth collection has just arrived, expanding the suit...
13/04/2026
Free version of innovative string library arrives
Released in October 2025, Lux Orchestral Strings was said to be Sonuscore's most ambitious library to ...
13/04/2026
The Girls' Research Camp is part of the Technology - Future in Bavaria edu...
13/04/2026
Rohde & Schwarz transforms submarine communications for real time underwater dom...
13/04/2026
Rohde & Schwarz enables Pulsar signal simulation to support next-generation navi...
13/04/2026
L3Harris is accelerating the development of infrared payloads for Space Development Agency's Tranche 2 Tracking Layer, to help meet urgent national defense ...
13/04/2026
By leveraging cutting-edge unfilmed Gen III image intensifier technology, NOVA delivers unmatched clarity, range, and reliability in low-light environments - en...
13/04/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
13/04/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
13/04/2026
Explore new Disguise plugins, including Sony's VP integration; Listen to panels across partner booths at Sony and B&H
Disguise, the company powering everyt...
13/04/2026
TAG Video Systems, the leading IP-native Realtime Media Platform, has announced its participation in the Media Exchange Layer (MXL) interop initiative. TAG has ...
13/04/2026
Today, Chaos launched V-Ray for Blender Community Edition at BCON Austin 2026, making its production-proven 3D renderer free for all Blender users. The same Aca...
13/04/2026
Additions strengthen LTN's leadership as broadcasters scale satellite-to-IP transition
LTN today announced the appointments of Mark Romano as Vice Presiden...
13/04/2026
LEEDS, UK, APRIL 13, 2026 NUGEN Audio releases Halo Vision v1.2, a significant update to its real time, customizable audio analysis suite for 3D, surround and...
13/04/2026
Atomos today announced the acquisition of Flanders Scientific (FSI), one of the most respected names in professional reference monitoring. This strategic move r...
13/04/2026
How Mei Semones Built Her Sound from J-Pop, Jazz, and Bilingual Songwriting The indie-pop artist combines agile guitar lines, rhythmic shifts, and lyrics that...
13/04/2026
Cue the Change: Jonathon Heyward Is Making Classical Music More Relatable Nicknamed the Converse Conductor, the Boston Conservatory alum holds top conductin...
13/04/2026
Heat Wave: Inside Miamis Sizzling, Boundary-Blurring Latin Music Scene In a city shaped by migration and exchange, Berklee alumni are helping drive a Latin mu...