
Akamai Threat Research: Phishing and Credential Stuffing Attacks Remain Top Threat to Financial Services Organizations and Customers Latest State of The Internet / Security Report Observes 3.5 Billion Malicious Login Attempts Targeting the Financial Services Sector; Illustrates Akamai's Unique Threat Visibility
Cambridge, MA | July 31, 2019
Newly released data from Akamai's 2019 State of the Internet / Security Financial Services Attack Economy Report has found that 50% of all unique organizations impacted by observed phishing domains were from the financial services sector. The data shows that, in addition to unique phishing attempts, adversaries also leveraged credential stuffing attacks to the tune of 3.5 billion attempts during an 18-month period, putting the personal data and banking information of financial services customers at risk.
The report indicates that between December 2, 2018 and May 4, 2019, nearly 200,000 (197,524 to be exact) phishing domains were discovered, and of those domains, 66% targeted consumers directly. When taking the phishing domains targeting consumers only into consideration, 50% of those targeted companies in the financial services industry.
We've seen a steady rise in credential stuffing attacks over the past year, fed in part by a growth in phishing attacks against consumers, said Martin McKeay, Security Researcher at Akamai and Editorial Director of the State of the Internet / Security Report. Criminals supplement existing stolen credential data through phishing, and then one way they make money is by hijacking accounts or reselling the lists they create. We're seeing a whole economy developing to target financial services organizations and their consumers.
Once criminals have succeeded in their schemes, they need to process their ill-gotten data and funds. As Akamais report highlights, one method of dealing with this situation centers on bank drops' - packages of data that can be used to fraudulently open accounts at a given financial institution. Bank drops will typically include a persons stolen identity - often called fullz by criminals online, including name, address, date of birth, Social Security details, drivers license information, and credit score. Secure access to the fraudulent accounts comes via remote desktop servers, which are matched to the geographic location of the bank and the fullz.
Financial institutions continue to investigate the ways in which criminals are opening these drop accounts, and are working diligently to stay ahead of the curve. What most businesses don't realize, however, is that criminals are recycling old attack methods.
Akamai's findings revealed that 94% of observed attacks against the financial services sector came from one of four methods: SQL Injection (SQLi), Local File Inclusion (LFI), Cross-Site Scripting (XSS), and OGNL Java Injection (which accounted for more than 8 million attempts during this reporting period). OGNL Java Injection, made famous due to the Apache Struts vulnerability, continues to be used by attackers years after patches have been issued.
In the financial services industry, criminals have also started launching DDoS attacks as a distraction to conduct credential stuffing attacks or to exploit a web-based vulnerability. Over the course of 18 months, Akamai uncovered more than 800 DDoS attacks against the financial services industry alone.
Attackers are targeting financial services organizations at their weak points: the consumer, web applications and availability, because that's what works, said McKeay. Businesses are becoming better at detecting and defending against these attacks, but point defenses are bound to fail. It requires being able to detect, analyze, and defend against an intelligent criminal who's using multiple different types of tools for a business to protect its customers. For more than twenty years, Akamai has been leveraging its unique visibility into the full spectrum of attacks to help protect customers from these types of ever-evolving nefarious activities.
The criminal economy thrives, in part, because they target the financial services industry. By targeting banks for example, criminals attempt to steal sensitive data, and then turn around and use that same data to open fake accounts and lines of credit. Its a continuous cycle of crime. There is a deep level of irony in the fact that criminals are targeting the very industry they need to survive. While financial institutions are becoming better at detecting these attacks, adversaries continue to find success with old tricks, and that's a problem.
The Akamai 2019 State of the Internet / Security Report is available for download here. For additional information where the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global co
Most recent headlines
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
06/09/2026
June 9 2026, 23:00 (PDT) Dolby and MagentaTV Bring Fans Closer to the FIFA Worl...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
09/07/2026
With 50+ cameras, three trucks, 60+ EVS channels, RFID hole-card workflows, and ...
09/07/2026
A recent graduate from Westchester, NY, this experienced technician has already started her first gig in the industry, as a REMI A2 Comms Specialist at ESPN
In...
09/07/2026
Live sports production is a fast-paced industry with no signs of slowing down. W...
09/07/2026
From a rooftop studio in Manhattan, multiple Germany-based companies share respo...
09/07/2026
Overtime has announced a content partnership with FOX One to produce Race to Glo...
09/07/2026
Clear-Com has announced that Ross Production Services (RPS) has standardized on ...
09/07/2026
The NFL has announced that NetApp will return as Presenting Partner of the NFL Madrid Game, featuring the Atlanta Falcons against the Cincinnati Bengals at the ...
09/07/2026
The R&A and Cisco have announced a multi-year partnership making Cisco the Official Network Supplier of The R&A and its Championships. Cisco will deploy AI-read...
09/07/2026
Fox Television Stations, Extreme Reach (XR), and LTN have announced the completi...
09/07/2026
Kiswe has announced a partnership with Wynn Records to launch the Wynn Records Network streaming platform, debuting Saturday, July 11 with a Salita Promotions b...
09/07/2026
NEP Europe has announced a new multi-year agreement with Wimbledon Broadcast Ser...
09/07/2026
Thropic Games, a company offering casual mobile games tied to fan fundraising for sports programs, has announced a pre-seed funding round led by The Famous Grou...
09/07/2026
Game Creek Video has reached an agreement with Grass Valley to purchase 10 K-Frame production switchers as part of a two-year fleet expansion. Two systems have ...
09/07/2026
Gravity Media is delivering a three-hub remote production workflow for ITV's...
09/07/2026
A new report from Quickplay and Caretta Research, The Broadcaster Revolution Wi...
09/07/2026
DAZN, the world's leading sports entertainment platform, has announced a long-term strategic partnership with the Esports World Cup Foundation to serve as t...
09/07/2026
The regional sports network is staying busy this summer with broadcasts of the N...
09/07/2026
Latest analogue-emulation plug-ins revealed
Universal Audio have just added two new analogue-emulation plug-ins to their DSP-powered UAD line-up. Developed ...
09/07/2026
Limited-edition mic celebrates rock icon
Neumann have partnered with the Bon Scott Estate to create a limited-edition version of the U 47 FET that honours b...
09/07/2026
Handles organisation, updates, troubleshooting & more
Created by pro-audio software developer Julian Worden, Plugin Station from Julian Michael Technologies...
09/07/2026
Introduces new $1 million advance programme
LANDR have just announced the next phase of their Fair Trade AI programme, a pioneering opt-in music-licensing p...
09/07/2026
Four new titles now available
Spitfire Audio have just introduced four new titles in their Originals range, bringing the total count of libraries in the low...
09/07/2026
SBS statement Royal Commission on Antisemitism and Social Cohesion
9 July, 2026
Media releases
SBS acknowledges the gravity of the matters before the Roy...
09/07/2026
08 July 2026, Johannesburg - The National Film and Video Foundation (NFVF), an a...
09/07/2026
Blackmagic Design Announces New UltraStudio Express 3G
Brie Clayton July 9, 2026
0 Comments
New extremely portable capture and playback models with 3G...
09/07/2026
Miri Introduces Self-Service Cellular Data and SIM Card Management Platform for ...
09/07/2026
Riedel Communications today announced that the Hong Kong Jockey Club (HKJC), one of Asia's most prestigious horse racing organizations, has significantly up...
09/07/2026
Leading North American mobile production facility provider standardizes on Grass Valley's fully IP-native K-Frame production switchers for its fleet of next...
09/07/2026
Miri Technologies Inc. is rolling out a new online portal that provides customers and resellers with self-serve management tools and usage analytics for the com...
09/07/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
09/07/2026
Cinematographer Aakash Subramaniam, WICA faced a conceptual challenge: how could he make a film about dying that doesn't feel like one? The film, Our Weird...
09/07/2026
Thursday 9 July 2026
Enjoy Gigafast speeds and Ultimate TV pack for less
The latest deals have dropped from Sky TV and Sky Broadband, the award-winning provid...
09/07/2026
Hands up who would like to dress up as a giant crisp packet?
The call that went out across the agency as our anti-litter campaign, Wish you weren't here fo...
09/07/2026
This GFN Thursday brings more games, more power and more ways to play on GeForce NOW.
The cloud gaming service is expanding with a new GeForce RTX 5080-powere...
08/07/2026
The end of the Big A' marks the demise of one more iconic sports venue and its signature sound
After 132 years as one of the preeminent horse-racing track...
08/07/2026
Memphis Athletics and Learfield have signed a long-term renewal to their 25-year relationship, which sees Learfield's Tiger Sports Properties continue repre...
08/07/2026
MLB All-Star Week returns to Philadelphia for the first time in 30 years as Amer...
08/07/2026
Former Wall Street Video event expanded to include all Enterprise sectors
SVG Enterprise has announced the inaugural Enterprise Video Summit, taking place Oct....
08/07/2026
An offseason project enhanced eight video displays around the venue in time for ...
08/07/2026
Kaseya Center has a ton of new features that weren't available to the indust...
08/07/2026
The International Federation of Film Critics (FIPRESCI) and the Sundance Film Festival are pleased to announce the establishment of a FIPRESCI jury beginning wi...
08/07/2026
Latest analogue-emulation plug-ins revealed
Universal Audio have just added two new analogue-emulation plug-ins to their DSP-powered UAD line-up. Developed ...
08/07/2026
Turn any audio loop into a playable kit
Pitch Innovations have recently introduced an interesting new tool that's capable of creating playable kits from...
08/07/2026
Adds new keyboard-split function
MonkeyC have recently launched an update that overhauls their powerful software sampler. Described as the sampler that mad...
08/07/2026
Four new delay algorithms & dual-engine functionality
Strymon have just announced that the much-anticipated MX version of their hugely popular delay pedal i...
08/07/2026
Well over half of Australia have tuned in to watch the FIFA World Cup on SBS
7 July, 2026
Media releases
Australia's Round of 32 match against Egypt a...
08/07/2026
SBS and Koorie Heritage Trust announce three-year partnership to celebrate First...