Akamai Threat Research: Phishing and Credential Stuffing Attacks Remain Top Threat to Financial Services Organizations and Customers Latest State of The Internet / Security Report Observes 3.5 Billion Malicious Login Attempts Targeting the Financial Services Sector; Illustrates Akamai's Unique Threat Visibility
Cambridge, MA | July 31, 2019
Newly released data from Akamai's 2019 State of the Internet / Security Financial Services Attack Economy Report has found that 50% of all unique organizations impacted by observed phishing domains were from the financial services sector. The data shows that, in addition to unique phishing attempts, adversaries also leveraged credential stuffing attacks to the tune of 3.5 billion attempts during an 18-month period, putting the personal data and banking information of financial services customers at risk.
The report indicates that between December 2, 2018 and May 4, 2019, nearly 200,000 (197,524 to be exact) phishing domains were discovered, and of those domains, 66% targeted consumers directly. When taking the phishing domains targeting consumers only into consideration, 50% of those targeted companies in the financial services industry.
We've seen a steady rise in credential stuffing attacks over the past year, fed in part by a growth in phishing attacks against consumers, said Martin McKeay, Security Researcher at Akamai and Editorial Director of the State of the Internet / Security Report. Criminals supplement existing stolen credential data through phishing, and then one way they make money is by hijacking accounts or reselling the lists they create. We're seeing a whole economy developing to target financial services organizations and their consumers.
Once criminals have succeeded in their schemes, they need to process their ill-gotten data and funds. As Akamais report highlights, one method of dealing with this situation centers on bank drops' - packages of data that can be used to fraudulently open accounts at a given financial institution. Bank drops will typically include a persons stolen identity - often called fullz by criminals online, including name, address, date of birth, Social Security details, drivers license information, and credit score. Secure access to the fraudulent accounts comes via remote desktop servers, which are matched to the geographic location of the bank and the fullz.
Financial institutions continue to investigate the ways in which criminals are opening these drop accounts, and are working diligently to stay ahead of the curve. What most businesses don't realize, however, is that criminals are recycling old attack methods.
Akamai's findings revealed that 94% of observed attacks against the financial services sector came from one of four methods: SQL Injection (SQLi), Local File Inclusion (LFI), Cross-Site Scripting (XSS), and OGNL Java Injection (which accounted for more than 8 million attempts during this reporting period). OGNL Java Injection, made famous due to the Apache Struts vulnerability, continues to be used by attackers years after patches have been issued.
In the financial services industry, criminals have also started launching DDoS attacks as a distraction to conduct credential stuffing attacks or to exploit a web-based vulnerability. Over the course of 18 months, Akamai uncovered more than 800 DDoS attacks against the financial services industry alone.
Attackers are targeting financial services organizations at their weak points: the consumer, web applications and availability, because that's what works, said McKeay. Businesses are becoming better at detecting and defending against these attacks, but point defenses are bound to fail. It requires being able to detect, analyze, and defend against an intelligent criminal who's using multiple different types of tools for a business to protect its customers. For more than twenty years, Akamai has been leveraging its unique visibility into the full spectrum of attacks to help protect customers from these types of ever-evolving nefarious activities.
The criminal economy thrives, in part, because they target the financial services industry. By targeting banks for example, criminals attempt to steal sensitive data, and then turn around and use that same data to open fake accounts and lines of credit. Its a continuous cycle of crime. There is a deep level of irony in the fact that criminals are targeting the very industry they need to survive. While financial institutions are becoming better at detecting these attacks, adversaries continue to find success with old tricks, and that's a problem.
The Akamai 2019 State of the Internet / Security Report is available for download here. For additional information where the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global co
Most recent headlines
11/12/2025
Dalet, a leading provider of cloud-native, end-to-end media workflow solutions, ...
08/12/2025
Nielsen's robust data offering enables marketers to connect with their target audience more effectively and drive better results throughout Amazon's adv...
08/12/2025
LOS ANGELES and NEW YORK Paramount has launched a hostile takeover bid for Warner Bros. Discovery with an all-cash tender offer to acquire all of the outstandin...
08/12/2025
EMERYVILLE, Calif. Media and entertainment technology and services provider Advanced Systems Group has named Macky Beheshti as director, enterprise storage and ...
08/12/2025
DENVER MediaKind, a global provider of cloud-based video streaming technology announced today that it is acquiring the video business of Harmonic Inc. for appro...
08/12/2025
NEW YORK Nielsen has announced that its Audience Segments from Nielsen Marketing Cloud (NMC) are now available across the Amazon Ads marketplace, including the ...
08/12/2025
Marshall Electronics showcases the CV355-27X-ND3 Optical Zoom NDI (NDI HX2, NDI HX3) Camera at ISE 2026 (Booth 4N900). Designed for users seeking high-quality ...
08/12/2025
Cinnafilm today announced the immediate availability of IPx LIVE and Tachyon LIVE, delivering broadcast-grade, real-time IP video transcoding and motion-compens...
08/12/2025
Following a successful 45th anniversary year in 2024, Hiltron reports increasing demand for its wide range of satellite communication equipment manufacturing, p...
08/12/2025
Arvato Systems Receives gematik-approval for TI-Messenger tim
Approval secured for TI Messenger tim - paving the way for secure and interoperable communicat...
08/12/2025
Eurovision winner Niamh Kavanagh is the first celebrity to be revealed for the s...
08/12/2025
Changing children's lives for good: A staggering 4.6 million raised in the 2025 appeal
The people of Ireland and people all over the world have once again...
08/12/2025
It's murder on the dancefloor as The Traitors Ireland legend Paudie Moloney ...
06/12/2025
In a live broadcast from the Reagan National Defense Forum, L3Harris Chair and CEO Christopher Kubasik joined Morgan Brennan on CNBCs Closing Bell: Overtime. Ku...
06/12/2025
FORT LAUDERDALE, Fla. A new survey from Pixitmedia by Datacore revealed a major shift in the Media & Entertainment industry in media archiving, with 85% of resp...
06/12/2025
HACKENSACK, N.J. LiveU has announced that the national public broadcaster Czech Television has completed one of the largest LiveU live production deployments fo...
06/12/2025
NEW YORK The National Academy of Television Arts and Sciences (NATAS) presented the Excellence in Production Technology Emmy Award to NASA+ and Dr. Tom Leight...
05/12/2025
2025 Sports Broadcasting Hall of Fame: Curt Gowdy Jr. - Master Storyteller, Nati...
05/12/2025
SVG Sit-Down: Veritone's Sean King on the Power of Mining Video, Audio DataThe company's Data Refinery offers users total control and governance over da...
05/12/2025
Platinum White Paper: Inside the Nashville Predators' Unified, Flexible, Sca...
05/12/2025
Netflix Reaches Agreement To Acquire Warner Bros. Following Planned WBD SplitThe deal does not include WBDs sports assets like TNT Sports (US, UK, LatAm), Euros...
05/12/2025
FOX Sports Returns to Indianapolis for Primetime Broadcast of Big Ten Championsh...
05/12/2025
SVG Summit 2025 Preview: Digital Engagement & Monetization Workshop Tackles the ...
05/12/2025
Atlanta United Lights Up New Emory Healthcare Studio With First Live Broadcast f...
05/12/2025
As Messi Takes the Pitch, MLS, Apple, NEP Roll Out Largest MLS Cup Production Ev...
05/12/2025
ESPN Enters College Football's Most Intense Month With Elevated Workflows fo...
05/12/2025
It's about that time! Awards season is in full swing, and the Film Independe...
05/12/2025
Every year, Spotify Wrapped offers a personalized look back at the audio that defined your year. It's a snapshot of your listening habits, designed to tell ...
05/12/2025
In 2025, Spotify's EQUAL, GLOW, and RADAR programs celebrated women, LGBTQIA , and emerging artists who turned moments into milestones. From breaking record...
05/12/2025
In our latest blog, we explain how Wi-Fi 7 rollouts can drive consumer loyalty with value-add services such as consumer cybersecurity. We also explore how this ...
05/12/2025
LOS ANGELES Netflix announced it has entered into an agreement to acquire the assets of Warner Bros. for $82.7 billion....
05/12/2025
NEW YORK Nielsens Gracenote has launched Gracenote Content Connect, a new ad platform that provides agencies, brands, supply-side platforms (SSPs) and demand-si...
05/12/2025
NEW YORK In an important update to the workings of deal-based programmatic advertising, IAB Tech Lab has released version 1.0 of its Deals API for public commen...
05/12/2025
NEW YORK Pass the turkey. Pass the stuffing. Pass the cranberry sauce. All are common requests of Americans celebrating Thanksgiving Day with family and f...
05/12/2025
NEW YORK Iris, the new cloud-connected camera control platform, has officially launched with features that turn virtually any PTZ camera into a software-connect...
05/12/2025
HOLLYWOOD, Calif. Netflix announced today that it has entered into an agreement to acquire the assets of Warner Bros. for $82.7 billion....
05/12/2025
NEW YORK Iris, the new cloud-connected camera control platform, has officially launched with features that turn virtually any PTZ camera into a software-connect...
05/12/2025
WASHINGTON The Federal Communications Commission has approved AT&T's $1.02 billion acquisition of spectrum from UScellular in a decision that was issued sho...
05/12/2025
The Best Coldplay Songs: 21 Tracks That Shoot for the Stars From Yellow to Viva La Vida, Fix You to Paradise, this playlist goes back to the start.
December ...
05/12/2025
Zafris Lecture Series Brings Nabil Ayers to Berklee The 32nd annual James G. Zafris Distinguished Lecture series was held on Thursday, November 13, with guest...
05/12/2025
Back to All News
Netflix Unveils the First Look for Land of Sin' - Premier...
05/12/2025
Introducing New Perks to Help You Get Even More from LinkedIn Premium Published on Dec 5, 2025 Categories: Company News, Product News
LinkedIn Corporate Co...
05/12/2025
Friday 5 December 2025
A new Game of Thrones Tale: Official trailer for Sky Exc...
05/12/2025
Back to All News
Don Lee, Lee Jin-uk, and Lalisa Manobal to Star in Netflix Act...
05/12/2025
Tis the season of giving once again and this year we've taken our Give Back Fridays' concept and turned it on its head.
In the autumn we were approach...
05/12/2025
Brayden Gogis doesn't remember a time when he wasn't completely fixated on games in all forms. In preschool, when they asked us to dress up as what we ...
05/12/2025
The Grinch steals the spotlight as the theme for The Late Late Toy Show 2025
Tune in tonight at 9:35pm on RT One and worldwide on RT Player
#LateLateToyShow...
05/12/2025
RT Announces New Presenters of Flagship News Programmes
New RT Six One News co-presenter Tommy Meskill
Sarah McInerney & Justin McCarthy join Morning Ir...
04/12/2025
ToolsOnAir Blackmagic Design HyperDeck Event Presets for just:in mac pro 2025 & ...
Akamai Threat Research: Phishing and Credential Stuffing Attacks Remain Top Threat to Financial Services Organizations and Customers Latest State of The Internet / Security Report Observes 3.5 Billion Malicious Login Attempts Targeting the Financial Services Sector; Illustrates Akamai's Unique Threat Visibility 
