Akamai Threat Research: Phishing and Credential Stuffing Attacks Remain Top Threat to Financial Services Organizations and Customers Latest State of The Internet / Security Report Observes 3.5 Billion Malicious Login Attempts Targeting the Financial Services Sector; Illustrates Akamai's Unique Threat Visibility
Cambridge, MA | July 31, 2019
Newly released data from Akamai's 2019 State of the Internet / Security Financial Services Attack Economy Report has found that 50% of all unique organizations impacted by observed phishing domains were from the financial services sector. The data shows that, in addition to unique phishing attempts, adversaries also leveraged credential stuffing attacks to the tune of 3.5 billion attempts during an 18-month period, putting the personal data and banking information of financial services customers at risk.
The report indicates that between December 2, 2018 and May 4, 2019, nearly 200,000 (197,524 to be exact) phishing domains were discovered, and of those domains, 66% targeted consumers directly. When taking the phishing domains targeting consumers only into consideration, 50% of those targeted companies in the financial services industry.
We've seen a steady rise in credential stuffing attacks over the past year, fed in part by a growth in phishing attacks against consumers, said Martin McKeay, Security Researcher at Akamai and Editorial Director of the State of the Internet / Security Report. Criminals supplement existing stolen credential data through phishing, and then one way they make money is by hijacking accounts or reselling the lists they create. We're seeing a whole economy developing to target financial services organizations and their consumers.
Once criminals have succeeded in their schemes, they need to process their ill-gotten data and funds. As Akamais report highlights, one method of dealing with this situation centers on bank drops' - packages of data that can be used to fraudulently open accounts at a given financial institution. Bank drops will typically include a persons stolen identity - often called fullz by criminals online, including name, address, date of birth, Social Security details, drivers license information, and credit score. Secure access to the fraudulent accounts comes via remote desktop servers, which are matched to the geographic location of the bank and the fullz.
Financial institutions continue to investigate the ways in which criminals are opening these drop accounts, and are working diligently to stay ahead of the curve. What most businesses don't realize, however, is that criminals are recycling old attack methods.
Akamai's findings revealed that 94% of observed attacks against the financial services sector came from one of four methods: SQL Injection (SQLi), Local File Inclusion (LFI), Cross-Site Scripting (XSS), and OGNL Java Injection (which accounted for more than 8 million attempts during this reporting period). OGNL Java Injection, made famous due to the Apache Struts vulnerability, continues to be used by attackers years after patches have been issued.
In the financial services industry, criminals have also started launching DDoS attacks as a distraction to conduct credential stuffing attacks or to exploit a web-based vulnerability. Over the course of 18 months, Akamai uncovered more than 800 DDoS attacks against the financial services industry alone.
Attackers are targeting financial services organizations at their weak points: the consumer, web applications and availability, because that's what works, said McKeay. Businesses are becoming better at detecting and defending against these attacks, but point defenses are bound to fail. It requires being able to detect, analyze, and defend against an intelligent criminal who's using multiple different types of tools for a business to protect its customers. For more than twenty years, Akamai has been leveraging its unique visibility into the full spectrum of attacks to help protect customers from these types of ever-evolving nefarious activities.
The criminal economy thrives, in part, because they target the financial services industry. By targeting banks for example, criminals attempt to steal sensitive data, and then turn around and use that same data to open fake accounts and lines of credit. Its a continuous cycle of crime. There is a deep level of irony in the fact that criminals are targeting the very industry they need to survive. While financial institutions are becoming better at detecting these attacks, adversaries continue to find success with old tricks, and that's a problem.
The Akamai 2019 State of the Internet / Security Report is available for download here. For additional information where the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global co
Most recent headlines
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
04/07/2026
April 7 2026, 19:00 (PDT) Detective Conan: Fallen Angel of the Highway Opens in...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
18/05/2026
Despite a bumpy start to the year, the provider of event-production support and ...
18/05/2026
Daktronics has partnered with the University of North Carolina to manufacture and install 11 LED displays totaling more than 10,000 square feet and more than 14...
18/05/2026
CBS LA has announced a multi-year partnership with the Los Angeles Rams, covering exclusive local broadcasts of Rams preseason games, weekly year-round programm...
18/05/2026
Skyline Communications has announced an integration between its DataMiner xOps p...
18/05/2026
eCLUTCH, the hybrid esports platform powered by iKOMG, has announced an expansion of its distribution across Europe, MENA, Africa, and Asia, along with new cont...
18/05/2026
Behind The Mic provides a roundup of recent news regarding on-air talent, includ...
18/05/2026
With 22 games this season, the production team looks forward to tweaking and enhancing the coverage
After 8,660 days off the air, the WNBA returned to NBC yest...
18/05/2026
(L-R) Midori Francis and Natalie Erika James attend the Saccharine premiere during the 2026 Sundance Film Festival at The Ray Theatre on January 22, 2026, in ...
18/05/2026
Last night, the Spotify Podcast Awards in Mexico returned to the country's capital. Now in its second year, the evening honors creators whose voices are hel...
18/05/2026
ZEN-Core synth goes mobile
Roland's powerful ZEN-Core software synthesizer has just been introduced to the iPad, offering a convenient entry point into ...
18/05/2026
Versatile new limiter plug-in announced
Based in Sheffield, UK, fedDSP offer a range of plug-ins that span the music production, live sound and high-end med...
18/05/2026
A new use for convolution?
Viiri Audio's debut plug-in aims to do something a little different with convolution processing, allowing users to adjust all...
18/05/2026
Delta Goodrem shines for SBS as more than 3.27 million Australians tune in for E...
18/05/2026
The Australian Defence Force uses L3Harris T4 and T7 robots for explosive ordnan...
18/05/2026
Continued investment across Europe and Germany is expanding local teams and improving access to stock, regional expertise, and specialist broadcast support.
CV...
18/05/2026
18 May 2026
Dubai and New York, May 18, 2026 - VEON Ltd. (NASDAQ: VEON), a glob...
18/05/2026
Monday 18 May 2026
Sky News offers ad-free podcasts and bonus episodes for just...
18/05/2026
Comscore March 2026 Consumer AI Chatbot Usage Rankings Show Claude Gaining Share OpenAI's ChatGPT maintains lead while Anthropic's Claude continues to c...
17/05/2026
Delta Goodrem's Eurovision Eclipse marks end of a stellar run
17 May, 2026
Media releases
Bulgaria wins Eurovision 2026
Relive every spellbinding mome...
17/05/2026
Back to All News
Oasis Premieres on Netflix June 19
Entertainment
17 May 2026
GlobalSpain
Link copied to clipboard
Summer, sunshine, the beach, parties. T...
16/05/2026
Helps to deliver a clean, balanced midrange
Developed alongside Newfangled Audio, the latest plug-in in Eventide's software collection has been designed...
16/05/2026
Brings onboard stem rendering to RANE System One
Engine DJ have just released Engine DJ 5.0, a free update for their Engine DJ OS embedded hardware and Engi...
16/05/2026
Boris FX Continuum Pairs AI Precision and Advanced Creative Controls
Jessie Electa Petrov May 16, 2026
0 Comments
The 2026.5 release adds automatic de...
16/05/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
16/05/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
16/05/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
16/05/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
15/05/2026
Seattle Sounders FC and Seattle Reign FC, in partnership with RAVE Foundation an...
15/05/2026
Dan Brumm has served as sound designer on Bluey, the Australian children's t...
15/05/2026
The Professional Audio Manufacturers Alliance (PAMA) and Shure Incorporated are accepting applications for the 6th annual Mark Brunner Professional Audio Schola...
15/05/2026
Netflix has announced an expanded NFL schedule for 2026 and beyond under a four-year partnership extension with the NFL through the 2029-30 season. Each season,...
15/05/2026
Ateme is supporting TVRI (Televisi Republik Indonesia) with a contribution and d...
15/05/2026
Concacaf has announced the launch of a new website and mobile app built on Deltatre's FORGE platform. Concacaf.com and the mobile app, available on iOS and ...
15/05/2026
Eutelsat has announced the launch of QBC Business Economic Channel by Qatar Media Corporation, broadcasting in 4K/UHD via Eutelsat's 7/8 West video neighbo...
15/05/2026
Major League Soccer has announced four original content series timed to the 2026...
15/05/2026
The Alliance for IP Media Solutions (AIMS) has announced it will exhibit and present at InfoComm 2026, taking place June 13-19 at the Las Vegas Convention Cente...
15/05/2026
InfoComm 2026 will take place June 13-19 (exhibits June 17-19) at the Las Vegas Convention Center. The show will include sessions and exhibits covering broadcas...
15/05/2026
Tracy McGrady's Ones Basketball League (OBL) and FuboTV Inc. have announced ...
15/05/2026
Disguise has partnered with Creative Technology (CT) to deliver visual playback ...
15/05/2026
Sony Electronics has announced two new products for professional imaging: the Alpha 7R VI full-frame mirrorless camera and the FE 100-400mm F4.5 GM OSS super-te...
15/05/2026
In-venue and creative video staffers at the professional and collegiate level ha...
15/05/2026
Ratings Roundup is a rundown of recent rating news and is derived from press rel...
15/05/2026
For sports organizations, the most valuable assets are often the most sensitive:...
15/05/2026
The NFL's broadcast partners released their 2026 regular season schedules ye...
15/05/2026
Besides drawing on experience with boxing, the production integrates specialty c...
Akamai Threat Research: Phishing and Credential Stuffing Attacks Remain Top Threat to Financial Services Organizations and Customers Latest State of The Internet / Security Report Observes 3.5 Billion Malicious Login Attempts Targeting the Financial Services Sector; Illustrates Akamai's Unique Threat Visibility 
