Akamai Threat Research: Phishing and Credential Stuffing Attacks Remain Top Threat to Financial Services Organizations and Customers Latest State of The Internet / Security Report Observes 3.5 Billion Malicious Login Attempts Targeting the Financial Services Sector; Illustrates Akamai's Unique Threat Visibility
Cambridge, MA | July 31, 2019
Newly released data from Akamai's 2019 State of the Internet / Security Financial Services Attack Economy Report has found that 50% of all unique organizations impacted by observed phishing domains were from the financial services sector. The data shows that, in addition to unique phishing attempts, adversaries also leveraged credential stuffing attacks to the tune of 3.5 billion attempts during an 18-month period, putting the personal data and banking information of financial services customers at risk.
The report indicates that between December 2, 2018 and May 4, 2019, nearly 200,000 (197,524 to be exact) phishing domains were discovered, and of those domains, 66% targeted consumers directly. When taking the phishing domains targeting consumers only into consideration, 50% of those targeted companies in the financial services industry.
We've seen a steady rise in credential stuffing attacks over the past year, fed in part by a growth in phishing attacks against consumers, said Martin McKeay, Security Researcher at Akamai and Editorial Director of the State of the Internet / Security Report. Criminals supplement existing stolen credential data through phishing, and then one way they make money is by hijacking accounts or reselling the lists they create. We're seeing a whole economy developing to target financial services organizations and their consumers.
Once criminals have succeeded in their schemes, they need to process their ill-gotten data and funds. As Akamais report highlights, one method of dealing with this situation centers on bank drops' - packages of data that can be used to fraudulently open accounts at a given financial institution. Bank drops will typically include a persons stolen identity - often called fullz by criminals online, including name, address, date of birth, Social Security details, drivers license information, and credit score. Secure access to the fraudulent accounts comes via remote desktop servers, which are matched to the geographic location of the bank and the fullz.
Financial institutions continue to investigate the ways in which criminals are opening these drop accounts, and are working diligently to stay ahead of the curve. What most businesses don't realize, however, is that criminals are recycling old attack methods.
Akamai's findings revealed that 94% of observed attacks against the financial services sector came from one of four methods: SQL Injection (SQLi), Local File Inclusion (LFI), Cross-Site Scripting (XSS), and OGNL Java Injection (which accounted for more than 8 million attempts during this reporting period). OGNL Java Injection, made famous due to the Apache Struts vulnerability, continues to be used by attackers years after patches have been issued.
In the financial services industry, criminals have also started launching DDoS attacks as a distraction to conduct credential stuffing attacks or to exploit a web-based vulnerability. Over the course of 18 months, Akamai uncovered more than 800 DDoS attacks against the financial services industry alone.
Attackers are targeting financial services organizations at their weak points: the consumer, web applications and availability, because that's what works, said McKeay. Businesses are becoming better at detecting and defending against these attacks, but point defenses are bound to fail. It requires being able to detect, analyze, and defend against an intelligent criminal who's using multiple different types of tools for a business to protect its customers. For more than twenty years, Akamai has been leveraging its unique visibility into the full spectrum of attacks to help protect customers from these types of ever-evolving nefarious activities.
The criminal economy thrives, in part, because they target the financial services industry. By targeting banks for example, criminals attempt to steal sensitive data, and then turn around and use that same data to open fake accounts and lines of credit. Its a continuous cycle of crime. There is a deep level of irony in the fact that criminals are targeting the very industry they need to survive. While financial institutions are becoming better at detecting these attacks, adversaries continue to find success with old tricks, and that's a problem.
The Akamai 2019 State of the Internet / Security Report is available for download here. For additional information where the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global co
Most recent headlines
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
01/04/2026
January 4 2026, 18:00 (PST) DOLBY AND DOUYIN EMPOWER THE NEXT GENERATON OF CREATORS WITH DOLBY VISION
Douyin Users Can Now Create And Share Videos With Stun...
20/01/2026
SVG Sit-Down: BitFire's Jim Akimchuk on the Future of Cloud, Remote, Softwar...
20/01/2026
From architecture to reality: What CBC's Milano Cortina 2026 workflows tell ...
20/01/2026
Milano Cortina 2026: Making the Winter Olympics and Paralympics workflow work fo...
20/01/2026
Countdown to Milano Cortina 2026: SVG Launches SportsTechLive Blog in Lead-up to...
20/01/2026
Grand finale: Rally Saudi Arabia pushes WRC to make the most of cameras and dron...
20/01/2026
State of Change: What's Happening in the Remote-Production Business?NEP Group, Game Creek Video, Dome Productions, Mobile TV Group, Program Productions exec...
20/01/2026
CFP National Championship 2026: A Look Back at SVG's Complete CoverageGo behind the scenes with ESPN, Game Creek Video, Van Wagner, and the champion Indiana...
20/01/2026
The Gotham, Film Independent, and Creators Coalition on AI Join Alliance
by Michelle Satter, Founding Senior Director, Sundance Institute's Artist Programs...
20/01/2026
The National Film and Video Foundation (NFVF), an agency of the Department of Sp...
20/01/2026
December, the first month of winter and the holiday season, has traditionally encouraged families to spend time together in front of the television. During this...
20/01/2026
During December, streaming's share of TV viewing in Mexico settled at 24.3%, an increase of 0.1 share points from the previous month.
Disclaimer: YUMI TV,...
20/01/2026
Christmas Day is Most-Streamed Day Ever with 55 Billion Viewing Minutes, led by...
20/01/2026
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
20/01/2026
Disguise and ASB GlassFloor today announced a strategic partnership that turns the arena floor into a fully customizable interactive digital surface. This will ...
20/01/2026
Last summer, ITV celebrated the tenth anniversary of its popular reality dating show, Love Island. To ramp up the excitement of series 12 (launched in the UK on...
20/01/2026
Berklee's Mark Ethier Named One of SPIN's Most Influential People in Mus...
20/01/2026
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
20/01/2026
Share Share by:
Copy link
Facebook
X
Whatsapp
Pinterest
Flipboard...
20/01/2026
Emergent, a provider of AI-powered media production solutions, today announced its presence at ISE 2026 in Barcelona, taking place February 3 6, where it will u...
20/01/2026
Back to All News
Netflix and Warner Bros. Discovery Amend Agreement to All-Cash Transaction
Business
20 January 2026
Global
Link copied to clipboard
All-C...
20/01/2026
Back to All News
Now You Can Play a Role in Our Live Events With Real-Time Voting
Elmar Nubbemeyer
VP, Member Product
Product
20 January 2026
Global
Link...
19/01/2026
CFP National Championship 2026: Indiana Football's Digital Crew Generate Hyp...
19/01/2026
CFP National Championship 2026: Van Wagner Relies on Experience for Indiana-Miam...
19/01/2026
CFP National Championship 2026: Game Creek Video Fields Premiere IP Compound for...
19/01/2026
CFP National Championship 2026: For a Slew of Studio Shows, ESPN Turns Hard Rock...
19/01/2026
CFP National Championship 2026: ESPN's Sweeping Live Game Production Leverag...
19/01/2026
The new L3Harris NOVA binocular system is the every-soldier goggle' - and the beginning of a new era for night-vison capability....
19/01/2026
The Majority of Those Surveyed Prefer to Buy Brands Who Advertise in Content Tha...
19/01/2026
Back to All News
Straight to Hell' Sets April 27 Premiere: Teaser Trailer,...
19/01/2026
New Workflow Enhancements for All Broadcast Pix Systems, Plus 4-Channel ISO Recording for Hybrid and Roadie Tyngsboro, Mass. - January 2025 - Broadcast Pix ann...
19/01/2026
Monday 19 January 2026
Sky News reinvents News at Ten for the modern audience with The Wrap
Sky News today announces The Wrap, a bold evolution of its 10pm ou...
19/01/2026
Back to All News
Netflix Announces the Series Nights & Days, Directed by Kamila...
19/01/2026
DPA Microphones is striking a new chord in piano miking with the debut of its DPK2015 Piano Stereo Kit, an out-of-the-box, plug-and-play miking solution that ta...
19/01/2026
DPA Microphones will present its 4099 CORE Instrument Microphone and redesigned...
19/01/2026
Trianel relies on Arvato Systems for future-proof data center operations
Moving to the cloud: Arvato Systems implements extensive IT migration project
Migrat...
19/01/2026
Celebrating 21 Years of the RT Choice Music Prize
RT Choice Music Prize
In association with IMRO and IRMA
Irish Album of the Year 2025 - Shortlist Announce...
18/01/2026
January 18 2026, 21:30 (PST) Dolby Cinema Arrives in Bengaluru: Dolby Laborator...
17/01/2026
Lightware, an industry leader in signal management, is helping to elevate the Google Meet experience with the introduction of an integration with Taurus UCX. Th...
17/01/2026
Clear-Com announced a strategic partnership with NETGEAR AV to offer four high-performance networking switches as original equipment manufacturer (OEM) solutio...
17/01/2026
QuickLink, a leading provider of award-winning video production and remote guest contribution solutions, today announced a new U.S. distribution partnership wit...
17/01/2026
NUGEN Audio announces the latest evolution of MasterCheck, its industry-trusted optimization plug-in for cross-platform mastering and loudness verification. Des...
17/01/2026
BHV has announced that it will highlight its new SportsBox remote vision mixer and picture processor at ISE in Booth #4H900 marking its official introduction in...
17/01/2026
Clear-Com will return to ISE 2026 to demonstrate its latest intercom solutions for broadcast, live production, and AV professionals. Exhibiting at Stand #4P700...
17/01/2026
Grass Valley, a leading provider in live production solutions, will exhibit at ISE 2026 in Barcelona from February 3 6, presenting its vision for how modern Bro...
17/01/2026
Utelogy Corporation, the global leader in connected workplace management, monitoring, control, automation and analytics closes out a record-breaking 2025. The c...
Akamai Threat Research: Phishing and Credential Stuffing Attacks Remain Top Threat to Financial Services Organizations and Customers Latest State of The Internet / Security Report Observes 3.5 Billion Malicious Login Attempts Targeting the Financial Services Sector; Illustrates Akamai's Unique Threat Visibility 
