Akamai Threat Research: Phishing and Credential Stuffing Attacks Remain Top Threat to Financial Services Organizations and Customers
01/08/2019
Cambridge, MA | July 31, 2019
Newly released data from Akamai's 2019 State of the Internet / Security Financial Services Attack Economy Report has found that 50% of all unique organizations impacted by observed phishing domains were from the financial services sector. The data shows that, in addition to unique phishing attempts, adversaries also leveraged credential stuffing attacks to the tune of 3.5 billion attempts during an 18-month period, putting the personal data and banking information of financial services customers at risk.
The report indicates that between December 2, 2018 and May 4, 2019, nearly 200,000 (197,524 to be exact) phishing domains were discovered, and of those domains, 66% targeted consumers directly. When taking the phishing domains targeting consumers only into consideration, 50% of those targeted companies in the financial services industry.
We've seen a steady rise in credential stuffing attacks over the past year, fed in part by a growth in phishing attacks against consumers, said Martin McKeay, Security Researcher at Akamai and Editorial Director of the State of the Internet / Security Report. Criminals supplement existing stolen credential data through phishing, and then one way they make money is by hijacking accounts or reselling the lists they create. We're seeing a whole economy developing to target financial services organizations and their consumers.
Once criminals have succeeded in their schemes, they need to process their ill-gotten data and funds. As Akamais report highlights, one method of dealing with this situation centers on bank drops' - packages of data that can be used to fraudulently open accounts at a given financial institution. Bank drops will typically include a persons stolen identity - often called fullz by criminals online, including name, address, date of birth, Social Security details, drivers license information, and credit score. Secure access to the fraudulent accounts comes via remote desktop servers, which are matched to the geographic location of the bank and the fullz.
Financial institutions continue to investigate the ways in which criminals are opening these drop accounts, and are working diligently to stay ahead of the curve. What most businesses don't realize, however, is that criminals are recycling old attack methods.
Akamai's findings revealed that 94% of observed attacks against the financial services sector came from one of four methods: SQL Injection (SQLi), Local File Inclusion (LFI), Cross-Site Scripting (XSS), and OGNL Java Injection (which accounted for more than 8 million attempts during this reporting period). OGNL Java Injection, made famous due to the Apache Struts vulnerability, continues to be used by attackers years after patches have been issued.
In the financial services industry, criminals have also started launching DDoS attacks as a distraction to conduct credential stuffing attacks or to exploit a web-based vulnerability. Over the course of 18 months, Akamai uncovered more than 800 DDoS attacks against the financial services industry alone.
Attackers are targeting financial services organizations at their weak points: the consumer, web applications and availability, because that's what works, said McKeay. Businesses are becoming better at detecting and defending against these attacks, but point defenses are bound to fail. It requires being able to detect, analyze, and defend against an intelligent criminal who's using multiple different types of tools for a business to protect its customers. For more than twenty years, Akamai has been leveraging its unique visibility into the full spectrum of attacks to help protect customers from these types of ever-evolving nefarious activities.
The criminal economy thrives, in part, because they target the financial services industry. By targeting banks for example, criminals attempt to steal sensitive data, and then turn around and use that same data to open fake accounts and lines of credit. Its a continuous cycle of crime. There is a deep level of irony in the fact that criminals are targeting the very industry they need to survive. While financial institutions are becoming better at detecting these attacks, adversaries continue to find success with old tricks, and that's a problem.
The Akamai 2019 State of the Internet / Security Report is available for download here. For additional information where the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global co
LINK: | https://www.akamai.com/uk/en/about/news/press/2019-press/state-of-the-... |
See more stories from akami |
Most recent headlines
04/08/2024
Dalet Appoints Santiago Solanas as CEO to Lead Next Era of Growth and Innovation
Dalet, a leading technology and service provider for media-rich organizations, is excited to announce Santiago Solanas as its new Chief Executive Officer (CEO)....
03/06/2024
Dalet and Veritone Reach Agreement to Distribute, Transact and Monetize Media Archives
Dalet, a leading technology and service provider for media-rich organizations, a...
28/04/2024
Mediahaus delivers the first SRT live-streaming sports production over 5G with URSA Broadcast G2
Mediahaus delivers the first SRT live-streaming sports production over 5G with U...
18/04/2024
First Look: Tom Durant Pritchard joins the cast of crime drama Miss Scarlet for its fifth series
Tom Durant Pritchard as Alexander Blake Thursday 18 April 2024 Tom Durant Prit...
18/04/2024
Alone Australia goes from strength to strength
Alone Australia goes from strength to strength 18 April, 2024 Media releases The program again delivers for SBS with significant uplifts in digital BVOD vi...
18/04/2024
L3Harris to Expand and Modernize Solid Rocket Motor Manufacturing in Virginia
ORANGE COUNTY, Va., April 18, 2024 - L3Harris Technologies [NYSE:LHX] has entered into an agreement with Orange County, Virginia, to fund the expansion and mode...
18/04/2024
Achieving Air Dominance by Advancing Imaging & Designating EO/IR Capabilities
L3Harris Sky Warden multi-mission aircraft, equipped with the WESCAM MX-15 and WESCAM MX-20 EO/IR sensor systems, was selected for USSOCOMs Armed Overwatch prog...
18/04/2024
US Space Force Extends Partnership with L3Harris to Enhance Space Domain Awareness
MELBOURNE, Fla., April 18, 2024 - L3Harris Technologies (NYSE:LHX) has received ...
18/04/2024
2024 NAB Show Attendance Topped 61,000
LAS VEGAS The National Association of Broadcasters is reporting that more than 61,000 people attended the 2024 NAB Show, where artificial intelligence and the c...
18/04/2024
How today's storage and memory decisions underpin future creativity
Ann Keefe, Regional Director - UK and Ireland at Kingston Technology, explains how storage and memory decisions made now are underpinning creativity in the futu...
18/04/2024
Krisha Marcano Announced as Dean of Theater for Boston Conservatory at Berklee
Krisha Marcano Announced as Dean of Theater for Boston Conservatory at Berklee The theater educator, choreographer, and performer will join Boston Conservator...
18/04/2024
Escape Studios obtains UKVI licence to support international students
The newly acquired UKVI licence enables Escape Studios to recruit and retain international students By Matthew Corrigan Published: April 18, 2024 The newl...
18/04/2024
NAB 2024 popular among first time visitors
Attendees from more than 163 countries were present, including 34 delegation buying groups from around the world By Matthew Corrigan Published: April 18, 202...
18/04/2024
Dyn Media and NEP Germany pioneer new frontier in remote...
In August 2023, Dyn Media launched as a new broadcaster in European sports, aimed at giving sports beyond football the exposure and viewership they deserve. The...
18/04/2024
Hitomi partners with ES Broadcast Hire for US rentals
Hitomi Broadcast, market leader in audio/video alignment and latency tools based in the UK, has signed a partnership deal with global broadcast rental specialis...
18/04/2024
Screen Australia and Dynamic Television announce new Scripted Initiative
18 04 2024 - Media release Screen Australia and Dynamic Television announce new Scripted Initiative Savage River Screen Australia and Los Angeles-based telev...
18/04/2024
Vislink's DragonFly V - The Company's Smallest-Ever Transmitter Debuted at NAB 2024
Vislink's DragonFly V - The Company's Smallest-Ever Transmitter Debuted ...
18/04/2024
MediaSilo to Offer Camera to Cloud with Atomos
MediaSilo to Offer Camera to Cloud with Atomos Brie Clayton April 17, 2024 0 Comments Integration between MediaSilo and Atomos Cloud Studio unlocking ...
18/04/2024
MultiDyne Updates its SilverBULLET Series to Serve More Fiber-Optic Links
MultiDyne Updates its SilverBULLET Series to Serve More Fiber-Optic Links Brie Clayton April 17, 2024 0 Comments MultiDyne Fiber Optic Solutions intro...
18/04/2024
Cinedeck Partners with Paramount to Revolutionize Content Delivery Process
Cinedeck Partners with Paramount to Revolutionize Content Delivery Process Brie Clayton April 17, 2024 0 Comments Cinedeck, a pioneer in integrated de...
18/04/2024
Unreal for video adding rocks and foliage
Unreal for video adding rocks and foliage Graham Quince April 17, 2024 0 Comments Welcome to my series on learning Unreal Engine for After Effects u...
18/04/2024
Best Budget Beginner-Friendly 4k Drone
Best Budget Beginner-Friendly 4k Drone Sean Alami April 17, 2024 0 Comments Potensic Atom 4k 3 axis Gimbal Drone, ideal drone for beginners. Some con...
18/04/2024
Race or Just Have Fun at Rocky Mount Mills for a Good Cause, Not Your Run of the Mill 5K
Rocky Mount Mills will be overflowing with runners, families and friends, all fo...
18/04/2024
Berklee's Yoon-Ji Lee Receives Guggenheim Fellowship
Berklee's Yoon-Ji Lee Receives Guggenheim Fellowship Lee, an assistant professor of composition, creates music based on unconventional and nonlinear struc...
18/04/2024
Ben Sherwood, Former ABC President, Named CEO at The Daily Beast
Ben Sherwood, former president of Disney ABC Television Group, has been named CEO and publisher at The Daily Beast. Joanna Coles, former chief content officer a...
18/04/2024
Ping Pong for the Masses: Bringing an Old Sport to a Brand New Audience With World Table Tennis
Ping pong for the masses: Bringing an old sport to a brand new audience with Wor...
18/04/2024
Fanatical Fans: IMG on Bringing the World of Table Tennis to a New Global Audience for WTT
Fanatical fans: IMG on bringing the world of table tennis to a new global audien...
18/04/2024
Netflix Follows Dallas Cowboys Cheerleaders in New Series
Back to All News Netflix Follows Dallas Cowboys Cheerleaders in New SeriesPlay Video Play Video Entertainment 18 April 2024 GlobalUnited States Link copie...
18/04/2024
Chinese-Language Revenge Thriller Series The Resurrected' Marks International Film Stars Shu Qi and Sinje Lee's Debut on Netflix
Back to All News Chinese-Language Revenge Thriller Series The Resurrected'...
18/04/2024
'The Witcher' Season 4 Begins Production in the UK and Netflix Announces Fifth and Final Season
Back to All News The Witcher Season 4 Begins Production in the UK and Netflix A...
18/04/2024
2024-04-18
Apple has reduced its overall greenhouse gas emissions by more than 55 percent since 2015, the company shared today in its 2024 Environmental Progress Report. T...
18/04/2024
Prison Journalism: April's experiences of black boudoir
Prison Journalism: April's experiences of black boudoirThabo Mthembu was incarcerated in Pollsmoor Prison from 2014 to 2019. Read Thabo's story by Tha...
18/04/2024
Prison Journalism: Can gangsterism and violence be reduced in prison?
Prison Journalism: Can gangsterism and violence be reduced in prison?Dean Mashimbwe, a Zimbabwean migrant residing in Cape Town, was incarcerated at Pollsmoor C...
18/04/2024
Software-making music: How DJs are doing it
Software making music: How DJs are doing itSoftware plays a big part in music production, recording, and performances. Here's what DJs are using, and how yo...
18/04/2024
Tonight on House of Zwide: Zanele later blindsides an unwitting Faith into meeting with Zola
Tonight on House of Zwide: Zanele later blindsides an unwitting Faith into meeti...
18/04/2024
Debut author stuns with international bestselling thriller Anna O'
Debut author stuns with international bestselling thriller Anna O'Matthew Blake burst onto the book scene with his bestseller Anna O', a deliciously d...
18/04/2024
Up to No Good: No Rest for the Wicked' Early Access Launches on GeForce NOW
It's time to get a little wicked. Members can now stream No Rest for the Wicked from the cloud. It leads six new games joining the GeForce NOW library of m...
18/04/2024
Skeem Saam: Wednesday's episode, 17 April 2024 [video]
Skeem Saam: Wednesday's episode, 17 April 2024 [video]Missed an episode of Skeem Saam? No problem! Watch the latest episode of your favourite South African ...
18/04/2024
Watch: Trailers for the best Afrikaans movies ever made
Watch: Trailers for the best Afrikaans movies ever madeDon't know what to watch? Here are some of the best Afrikaans movie trailers ever made, including Too...
18/04/2024
Thales secures three major contracts to modernize the Portuguese railway infrastructure
Facebook Twitter LinkedIn Thales alongside partners SISINT and CONECTICABO...
18/04/2024
RT Prime Time experiment reveals disturbing content recommended to 13 year old TikTok users in Ireland
In response to growing concerns raised regarding the adverse impact of TikTok co...
18/04/2024
Remembering Alf McCarthy and Larry Masterson
We were saddened to learn this morning of the passing of our friend and former colleague, Alf McCarthy who died yesterday. We remember Alf as a popular present...
18/04/2024
NVIDIA Honors Partners of the Year in Europe, Middle East, Africa
NVIDIA today recognized 18 partners in Europe, the Middle East and Africa for their achievements and commitment to driving AI adoption. The recipients were hon...
17/04/2024
Sundance Institute Launches RFI and RFP Process to Explore Host Locations for the Sundance Film Festival in 2027 and Beyond
Opening today, the exploration is aimed at selecting a location that will preser...
17/04/2024
Spotify's Michael Krause Talks Industry Trends Ahead of Our Music and Podcasting Summits in Germany
On April 18 and 19, experts from across the audio industry-including artists, pu...
17/04/2024
Spotify Brings Entrepreneurs and Trailblazers Together to Talk the Future of Tech in the UK
With its particular combination of talent, ambition, culture, and, of course, wo...
17/04/2024
NextGen Partners With Howard University Professor Nikole Hannah-Jones on Student Podcasting Course
At Spotify, we want to equip student creators with the tools and resources neede...
17/04/2024
Strengthening Australian Industry Capability Through Sovereign Sustainment Support
L3Harris Communications Australia Field Service support continues to grow with a...
17/04/2024
L3Harris Team Aligns 10 Mirrors for NASA's Roman Telescope
An optical technician lays on a diving board suspended between NASAs Nancy Grace Roman Space Telescopes primary and secondary mirrors. The photo is a projected ...