
Akamai Threat Research: Phishing and Credential Stuffing Attacks Remain Top Threat to Financial Services Organizations and Customers Latest State of The Internet / Security Report Observes 3.5 Billion Malicious Login Attempts Targeting the Financial Services Sector; Illustrates Akamai's Unique Threat Visibility
Cambridge, MA | July 31, 2019
Newly released data from Akamai's 2019 State of the Internet / Security Financial Services Attack Economy Report has found that 50% of all unique organizations impacted by observed phishing domains were from the financial services sector. The data shows that, in addition to unique phishing attempts, adversaries also leveraged credential stuffing attacks to the tune of 3.5 billion attempts during an 18-month period, putting the personal data and banking information of financial services customers at risk.
The report indicates that between December 2, 2018 and May 4, 2019, nearly 200,000 (197,524 to be exact) phishing domains were discovered, and of those domains, 66% targeted consumers directly. When taking the phishing domains targeting consumers only into consideration, 50% of those targeted companies in the financial services industry.
We've seen a steady rise in credential stuffing attacks over the past year, fed in part by a growth in phishing attacks against consumers, said Martin McKeay, Security Researcher at Akamai and Editorial Director of the State of the Internet / Security Report. Criminals supplement existing stolen credential data through phishing, and then one way they make money is by hijacking accounts or reselling the lists they create. We're seeing a whole economy developing to target financial services organizations and their consumers.
Once criminals have succeeded in their schemes, they need to process their ill-gotten data and funds. As Akamais report highlights, one method of dealing with this situation centers on bank drops' - packages of data that can be used to fraudulently open accounts at a given financial institution. Bank drops will typically include a persons stolen identity - often called fullz by criminals online, including name, address, date of birth, Social Security details, drivers license information, and credit score. Secure access to the fraudulent accounts comes via remote desktop servers, which are matched to the geographic location of the bank and the fullz.
Financial institutions continue to investigate the ways in which criminals are opening these drop accounts, and are working diligently to stay ahead of the curve. What most businesses don't realize, however, is that criminals are recycling old attack methods.
Akamai's findings revealed that 94% of observed attacks against the financial services sector came from one of four methods: SQL Injection (SQLi), Local File Inclusion (LFI), Cross-Site Scripting (XSS), and OGNL Java Injection (which accounted for more than 8 million attempts during this reporting period). OGNL Java Injection, made famous due to the Apache Struts vulnerability, continues to be used by attackers years after patches have been issued.
In the financial services industry, criminals have also started launching DDoS attacks as a distraction to conduct credential stuffing attacks or to exploit a web-based vulnerability. Over the course of 18 months, Akamai uncovered more than 800 DDoS attacks against the financial services industry alone.
Attackers are targeting financial services organizations at their weak points: the consumer, web applications and availability, because that's what works, said McKeay. Businesses are becoming better at detecting and defending against these attacks, but point defenses are bound to fail. It requires being able to detect, analyze, and defend against an intelligent criminal who's using multiple different types of tools for a business to protect its customers. For more than twenty years, Akamai has been leveraging its unique visibility into the full spectrum of attacks to help protect customers from these types of ever-evolving nefarious activities.
The criminal economy thrives, in part, because they target the financial services industry. By targeting banks for example, criminals attempt to steal sensitive data, and then turn around and use that same data to open fake accounts and lines of credit. Its a continuous cycle of crime. There is a deep level of irony in the fact that criminals are targeting the very industry they need to survive. While financial institutions are becoming better at detecting these attacks, adversaries continue to find success with old tricks, and that's a problem.
The Akamai 2019 State of the Internet / Security Report is available for download here. For additional information where the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global co
Most recent headlines
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
04/07/2026
April 7 2026, 19:00 (PDT) Detective Conan: Fallen Angel of the Highway Opens in...
06/06/2026
Check Out Leading Monitor Brands
We'll have monitors of all shapes and sizes at GearExpo UK, so whether you're looking to upgrade or expand your set...
06/06/2026
Two Originals offerings join MPC line-up
Following on from their partnership announcement at NAMM 2026, Spitfire Audio and Akai Pro have announced the relea...
06/06/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
06/06/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
06/06/2026
Matrox Video today announced the launch of the Matrox Maevex MGX Series, a new lineup of IPMX-ready video encoders and decoders with USB support that is enginee...
06/06/2026
Atomos (booth# S1006) announced immediate availability of Sumo PRO-19, a new 19-inch 4K HDR monitor-recorder-switcher designed as a central production hub for m...
06/06/2026
Cine Gear Expo 2026 DoPchoice introduces a complete light-shaping system for the new Creamsource Vortex2, further expanding the fixture's wide versatility...
06/06/2026
SmallHD will debut a new OLED 4K production monitor with a 16 display, the OLED 16, that combines OLED's industry-benchmark contrast ratio, exceptional col...
06/06/2026
Ed Lachman ASC, Caleb Deschanel ASC, and M. David Mullen ASC Being Honored at the 30th Annual Cine Gear Expo LA
Cine Gear Expo has announced the recipients of ...
06/06/2026
World premiere at Cine Gear Expo Los Angeles, June 5-6...
06/06/2026
See it first at Cine Gear Expo LA, Booth #S1703
DoPchoice introduces the latest addition to its inflatable AIRGLOW series the 8 2 Frame for RuPixel Canvas. ...
05/06/2026
The university-wide initiative has pushed their creative content to a new level
Although collegiate athletics at a single institution can contain numerous spo...
05/06/2026
In-venue and creative video staffers at the professional and collegiate level ha...
05/06/2026
Synamedia has announced that Lumine Group has agreed to acquire its Video Network business. The company is positioning the transition as the start of a new phas...
05/06/2026
Ateme, Broadcasting Center Europe (BCE), and Scaleway have announced a strategic partnership to deliver a cloud-based media supply chain covering ingest through...
05/06/2026
Audinate has announced three new additions to its Dante AVIO Install adapter series: a 4-Channel Analog Input, a 4-Channel Analog Output, and a 2-Ch In/2-Ch Out...
05/06/2026
Sportradar Group AG has announced a multi-year extension of its exclusive global...
05/06/2026
The M6 Group will broadcast FIFA World Cup 2026 matches live and in Ultra High D...
05/06/2026
The Athletic has announced that PGA TOUR highlights will be integrated into its golf coverage beginning with the Memorial Tournament presented by Workday. PGA T...
05/06/2026
When the FIFA World Cup arrives in North America in 2026, it will bring more tha...
05/06/2026
FIFA and DAZN have announced the launch of FIFA exclusively on DAZN, consolidating FIFA's content portfolio within DAZN's sports platform. The move fol...
05/06/2026
Telemundo's exclusive Spanish-language coverage of the FIFA World Cup 2026 G...
05/06/2026
Dolby Laboratories and NBCUniversal have announced that Peacock will stream Tele...
05/06/2026
Formula 1 has announced a 10-year extension to keep the Las Vegas Grand Prix on the F1 calendar through 2037. Las Vegas Grand Prix, Inc., Clark County, and the ...
05/06/2026
The broadcast-engineering team overcomes wind, speed, and salt water - and dista...
05/06/2026
Deploying both onsite and remote crews, the company is providing calibrated-came...
05/06/2026
With Inter&Co Stadium unavailable, ESPN's UFL team rebuilt its broadcast pla...
05/06/2026
One of the most exciting and informative events on the SVG annual event calendar is the Regional Sports Production Summit, an annual gathering of industry profe...
05/06/2026
For the race's third year at the historic racetrack, the broadcaster has added cameras and will incorporate multiple drones
The 158th edition of the Belmon...
05/06/2026
Ratings Roundup is a rundown of recent rating news and is derived from press rel...
05/06/2026
Built from the same recordings as flagship library
Sonuscore's LUX Orchestral Strings has been met with widespread praise since its launch in late 2025,...
05/06/2026
High-end converter, interface & headphone amp upgraded
Said to represent the next evolution of RME's all-in-one reference converter concept, the all-new...
05/06/2026
Win a Soundgas Type 636P & Type G preamps
Soundgas, one of the UK's leading vintage and boutique audio equipment specialists have just announced the lau...
05/06/2026
New leadership of Technology Systems Division at Rohde & Schwarz On July 1, 2026, Hansj rg Herrbold and Andreas H gele will take over as Executive Vice Presid...
05/06/2026
Hitachi and Intel announced a strategic collaboration to explore opportunities t...
05/06/2026
MRI-Simmons and S&P Global Mobility are expanding advanced audience capabilities...
05/06/2026
New Nielsen data shows insurance ad spend grew 11%, while consumers remain highl...
05/06/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
05/06/2026
ASG Promotes Joe Marchitto to Western Regional CTO
Brie Clayton June 5, 2026
0 Comments
Appointment to Support Engineering Alignment and Client Experi...
05/06/2026
Stargate Studios Colombia Uses DaVinci Resolve Studio for Vertical Microdramas
Brie Clayton June 5, 2026
0 Comments
End to end post in one platform al...
05/06/2026
People Need to Come First When We Use AI
Andy Marken June 5, 2026
0 Comments
It's just surviving. Life's very existence requires destruction....
05/06/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
05/06/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
05/06/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
05/06/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
05/06/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
05/06/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...