
Akamai Threat Research: Phishing and Credential Stuffing Attacks Remain Top Threat to Financial Services Organizations and Customers Latest State of The Internet / Security Report Observes 3.5 Billion Malicious Login Attempts Targeting the Financial Services Sector; Illustrates Akamai's Unique Threat Visibility
Cambridge, MA | July 31, 2019
Newly released data from Akamai's 2019 State of the Internet / Security Financial Services Attack Economy Report has found that 50% of all unique organizations impacted by observed phishing domains were from the financial services sector. The data shows that, in addition to unique phishing attempts, adversaries also leveraged credential stuffing attacks to the tune of 3.5 billion attempts during an 18-month period, putting the personal data and banking information of financial services customers at risk.
The report indicates that between December 2, 2018 and May 4, 2019, nearly 200,000 (197,524 to be exact) phishing domains were discovered, and of those domains, 66% targeted consumers directly. When taking the phishing domains targeting consumers only into consideration, 50% of those targeted companies in the financial services industry.
We've seen a steady rise in credential stuffing attacks over the past year, fed in part by a growth in phishing attacks against consumers, said Martin McKeay, Security Researcher at Akamai and Editorial Director of the State of the Internet / Security Report. Criminals supplement existing stolen credential data through phishing, and then one way they make money is by hijacking accounts or reselling the lists they create. We're seeing a whole economy developing to target financial services organizations and their consumers.
Once criminals have succeeded in their schemes, they need to process their ill-gotten data and funds. As Akamais report highlights, one method of dealing with this situation centers on bank drops' - packages of data that can be used to fraudulently open accounts at a given financial institution. Bank drops will typically include a persons stolen identity - often called fullz by criminals online, including name, address, date of birth, Social Security details, drivers license information, and credit score. Secure access to the fraudulent accounts comes via remote desktop servers, which are matched to the geographic location of the bank and the fullz.
Financial institutions continue to investigate the ways in which criminals are opening these drop accounts, and are working diligently to stay ahead of the curve. What most businesses don't realize, however, is that criminals are recycling old attack methods.
Akamai's findings revealed that 94% of observed attacks against the financial services sector came from one of four methods: SQL Injection (SQLi), Local File Inclusion (LFI), Cross-Site Scripting (XSS), and OGNL Java Injection (which accounted for more than 8 million attempts during this reporting period). OGNL Java Injection, made famous due to the Apache Struts vulnerability, continues to be used by attackers years after patches have been issued.
In the financial services industry, criminals have also started launching DDoS attacks as a distraction to conduct credential stuffing attacks or to exploit a web-based vulnerability. Over the course of 18 months, Akamai uncovered more than 800 DDoS attacks against the financial services industry alone.
Attackers are targeting financial services organizations at their weak points: the consumer, web applications and availability, because that's what works, said McKeay. Businesses are becoming better at detecting and defending against these attacks, but point defenses are bound to fail. It requires being able to detect, analyze, and defend against an intelligent criminal who's using multiple different types of tools for a business to protect its customers. For more than twenty years, Akamai has been leveraging its unique visibility into the full spectrum of attacks to help protect customers from these types of ever-evolving nefarious activities.
The criminal economy thrives, in part, because they target the financial services industry. By targeting banks for example, criminals attempt to steal sensitive data, and then turn around and use that same data to open fake accounts and lines of credit. Its a continuous cycle of crime. There is a deep level of irony in the fact that criminals are targeting the very industry they need to survive. While financial institutions are becoming better at detecting these attacks, adversaries continue to find success with old tricks, and that's a problem.
The Akamai 2019 State of the Internet / Security Report is available for download here. For additional information where the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global co
Most recent headlines
11/12/2025
Dalet, a leading provider of cloud-native, end-to-end media workflow solutions, ...
12/11/2025
For me, no story is too small if it speaks to the ordinary Kenyan, says Wangu Kanuri, a multimedia journalist and contributor to the Nation Media Group working...
12/11/2025
Tracy Bonareri Onchoke is an investigative journalist from Kenya who strives to tell stories that amplify voices pushed to the margins' in her reports for ...
12/11/2025
Godwin Asediba who is an investigative journalist, producer and news anchor with TV3 and 3FM in Ghana, has received death threats for his work exposing injustic...
12/11/2025
SVG TranSPORT 2025: All Sessions Now Available to Watch on SVG PLAYEvent addressed the latest in live sports video contribution and distribution technologyBy SV...
12/11/2025
L-R: Ed Harris, Gyula Gazdag
Inaugural Robert Redford Luminary Award to Honor E...
12/11/2025
By Bailey Pennick
One of the most exciting things about the Sundance Film Festi...
12/11/2025
In 2023, Morgan Wallen made history when Last Night became the first solo coun...
12/11/2025
Calrec delivers future-focused production for Whisper Cymru at Wales's first-ever dedicated remote production hub Supporting a growing roster of live sports...
12/11/2025
LONDON, England November 11, 2025 - Blue Lucy, a leading provider of media management and workflow automation solutions, is pleased to announce the renewal o...
12/11/2025
ALAMEDA, Calif. Clear-Com says its communications gear was recently deployed for the ADAC RAVENOL 24h Race at Germany's N rburgring circuit, which set a rec...
12/11/2025
BRUSSELS Mediagenix has announced that it has joined the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program (ISV). This acceptance f...
12/11/2025
HUELVA, Spain Alfalite, Europe's only LED screen manufacturer, has announced a strategic partnership with Adistec Corp, a leading distributor of infrastruct...
12/11/2025
MONTREAL Stingray Group Inc. has announced that it has entered into a definitive agreement to acquire TuneIn Holdings, Inc. ( 'TuneIn''), a pioneer ...
12/11/2025
Vubiquity, an Amdocs company and global leader in technology-led media services, today announced it has achieved the Amazon Web Services (AWS) Media & Entertain...
12/11/2025
Over 200 upgraded sites now delivering 2G and 3G mobile data services to more th...
12/11/2025
NEW YORK and WASHINGTON DirecTV Advertising has launched DirecTV Elect, a new digital platform powered by AI that is specifically designed for political adverti...
12/11/2025
WASHINGTON Federal Communications Commission Chair Brendan Carr has weighed in on the blackout of ABC, ESPN and other Disney programming on YouTube TV with a po...
12/11/2025
12 Nov 2025
VEON Wins Corporate Governance Awards for Kyivstar Listing and Tech...
12/11/2025
GROWING DATA DEMAND CONTINUES TO BE THE MAIN DRIVER OF MAGYAR TELEKOM'S RESU...
12/11/2025
Wednesday 12 November 2025
Sky unveils first of its kind clean power system for film and TV production
Sky has today unveiled a major new clean energy system ...
12/11/2025
Back to All News
The Accident 2 Welcomes B rbara de Regil to the Cast and Premi...
12/11/2025
Wednesday 12th November - Bel m, Brazil - Today, leading organizations IEC, ISO and ULSE, initiators of the Standards Pavilion at UNFCCC COP30, published a join...
12/11/2025
Arvato Systems Becomes Preferred Business Partner of the German Bundesverband E-...
12/11/2025
RT Choice Music Prize
In association with IMRO and IRMA
2 0 2 6 K E Y D A T E S
Irish Album of the Year 2025 Shortlist 19th January
Irish Song of the ...
12/11/2025
In the age of AI reasoning, training smarter, more capable models is critical to scaling intelligence. Delivering the massive performance to meet this new age r...
12/11/2025
Parents jailed for over two years after bringing their daughter to hospital for ...
12/11/2025
Large language model (LLM)-based AI assistants are powerful productivity tools, but without the right context and information, they can struggle to provide nuan...
11/11/2025
SVG Sit-Down: How Pixellot's Automated-Production-Tech Stack Is Evolving in ...
11/11/2025
Introducing SVG's New Platinum White Papers' PlatformTop technology providers detail how they are innovating in sports productionBy SVG Staff
Tuesday...
11/11/2025
SVG All-Stars: Vanessa Lindsey, Senior Director, Technical and Remote Operations...
11/11/2025
Lesson Plan: How Big Ten Network's StudentU Produces Broadcast Pros - and 2,...
11/11/2025
Peacock Performance View Feature Now Available for All NBA Games on PeacockBy Jason Dachman, Editorial Director, U.S.
Tuesday, November 11, 2025 - 2:10 pm
P...
11/11/2025
Today, Spotify and the National Music Publishers' Association (NMPA) launche...
11/11/2025
This year, SGL Carbons Willich site is celebrating a special anniversary. For 30...
11/11/2025
Rural connectivity rising fast
Traditional media still matters
Rural Filipinos...
11/11/2025
Wohler has said it has added three Secure Reliable Transport (SRT) connections to its new iVAM2-MPEG monitor....
11/11/2025
OpenDrives, Inc., a leader in software-defined data storage and data services, recently hosted an exclusive event in Los Angeles to celebrate the soft launch of...
11/11/2025
NAKIVO Inc., a fast-growing software company specialising in data protection and disaster recovery solutions for virtual, physical, cloud, and SaaS environments...
11/11/2025
Amagi, a cloud-based SaaS technology solutions provider for broadcast and streaming TV, today announced that Kogan Australia, one of the country's leading e...
11/11/2025
The Romanian Radio Broadcasting Company (SRR) has commissioned a new state-of-the-art radio production and broadcast facility centred on a DHD RX2 and TX2 conso...
11/11/2025
Alfalite, Europe's only LED screen manufacturer, has announced a strategic partnership with Adistec Corp, a leading value-added distributor of infrastructur...
11/11/2025
Delivering dedicated remote production facilities across a range of live sports for a growing roster of broadcast clients, the Cymru Broadcast Centre (CBC) at W...
11/11/2025
Luxembourg, 6 November 2025 -- SES S.A. fully consolidates Intelsat from 17 July 2025 and announces financial results for the nine months and three months ended...
11/11/2025
NEW YORK AccuWeather has announced a multi-year deal with MS Now to provide weather forecasts, content, data, and access to its expert meteorologists to the net...
11/11/2025
NEW YORK Ookla has introduced Speedtest Pulse, a new network diagnostic device designed to provide definitive, smartphone-based validation and troubleshooting f...
11/11/2025
In a rollout that will further heighten the competition between streaming services and local broadcasters, Prime Video is rolling out location-based interactive...
11/11/2025
Back to All News
Pride Collides and Bodies Move as One in 10DANCE' Main Tr...
11/11/2025
Rohde & Schwarz and its partners unveil new satellite payload testing innovation...
11/11/2025
Back to All News
The Fourth Season of Alpha Males Arrives on Netflix on January 9
Entertainment
11 November 2025
GlobalSpain
Link copied to clipboard
Toge...