Akamai Threat Research: Phishing and Credential Stuffing Attacks Remain Top Threat to Financial Services Organizations and Customers Latest State of The Internet / Security Report Observes 3.5 Billion Malicious Login Attempts Targeting the Financial Services Sector; Illustrates Akamai's Unique Threat Visibility
Cambridge, MA | July 31, 2019
Newly released data from Akamai's 2019 State of the Internet / Security Financial Services Attack Economy Report has found that 50% of all unique organizations impacted by observed phishing domains were from the financial services sector. The data shows that, in addition to unique phishing attempts, adversaries also leveraged credential stuffing attacks to the tune of 3.5 billion attempts during an 18-month period, putting the personal data and banking information of financial services customers at risk.
The report indicates that between December 2, 2018 and May 4, 2019, nearly 200,000 (197,524 to be exact) phishing domains were discovered, and of those domains, 66% targeted consumers directly. When taking the phishing domains targeting consumers only into consideration, 50% of those targeted companies in the financial services industry.
We've seen a steady rise in credential stuffing attacks over the past year, fed in part by a growth in phishing attacks against consumers, said Martin McKeay, Security Researcher at Akamai and Editorial Director of the State of the Internet / Security Report. Criminals supplement existing stolen credential data through phishing, and then one way they make money is by hijacking accounts or reselling the lists they create. We're seeing a whole economy developing to target financial services organizations and their consumers.
Once criminals have succeeded in their schemes, they need to process their ill-gotten data and funds. As Akamais report highlights, one method of dealing with this situation centers on bank drops' - packages of data that can be used to fraudulently open accounts at a given financial institution. Bank drops will typically include a persons stolen identity - often called fullz by criminals online, including name, address, date of birth, Social Security details, drivers license information, and credit score. Secure access to the fraudulent accounts comes via remote desktop servers, which are matched to the geographic location of the bank and the fullz.
Financial institutions continue to investigate the ways in which criminals are opening these drop accounts, and are working diligently to stay ahead of the curve. What most businesses don't realize, however, is that criminals are recycling old attack methods.
Akamai's findings revealed that 94% of observed attacks against the financial services sector came from one of four methods: SQL Injection (SQLi), Local File Inclusion (LFI), Cross-Site Scripting (XSS), and OGNL Java Injection (which accounted for more than 8 million attempts during this reporting period). OGNL Java Injection, made famous due to the Apache Struts vulnerability, continues to be used by attackers years after patches have been issued.
In the financial services industry, criminals have also started launching DDoS attacks as a distraction to conduct credential stuffing attacks or to exploit a web-based vulnerability. Over the course of 18 months, Akamai uncovered more than 800 DDoS attacks against the financial services industry alone.
Attackers are targeting financial services organizations at their weak points: the consumer, web applications and availability, because that's what works, said McKeay. Businesses are becoming better at detecting and defending against these attacks, but point defenses are bound to fail. It requires being able to detect, analyze, and defend against an intelligent criminal who's using multiple different types of tools for a business to protect its customers. For more than twenty years, Akamai has been leveraging its unique visibility into the full spectrum of attacks to help protect customers from these types of ever-evolving nefarious activities.
The criminal economy thrives, in part, because they target the financial services industry. By targeting banks for example, criminals attempt to steal sensitive data, and then turn around and use that same data to open fake accounts and lines of credit. Its a continuous cycle of crime. There is a deep level of irony in the fact that criminals are targeting the very industry they need to survive. While financial institutions are becoming better at detecting these attacks, adversaries continue to find success with old tricks, and that's a problem.
The Akamai 2019 State of the Internet / Security Report is available for download here. For additional information where the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global co
Most recent headlines
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
02/05/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
01/04/2026
January 4 2026, 18:00 (PST) DOLBY AND DOUYIN EMPOWER THE NEXT GENERATON OF CREATORS WITH DOLBY VISION
Douyin Users Can Now Create And Share Videos With Stun...
05/03/2026
Clear-Com has provided Gen-IC virtual intercom, its cloud-based voice communications system for SaxaVord Spaceport, the first fully licensed vertical launch s...
05/03/2026
The Hollywood Professional Association (HPA) concluded the 2026 HPA Tech Retreat, convening more than 800 industry leaders, technologists, creatives and executi...
05/03/2026
LynTec, a leading manufacturer of electrical power control solutions for professional audio, video, and lighting systems, today announced that its new Dual DMX ...
05/03/2026
Snicket Labs is pleased to announce a new distribution partnership with ES Broadcast for its award winning solutions, Match and Enrich.
Under the agreement, ES...
05/03/2026
LiveU today announced the first large-scale deployment of its AI-driven LiveU IQ (LIQ ) technology at a global, multi-venue sporting event, setting a new benchm...
05/03/2026
March is in full bloom, and that means a fresh wave of games heading to the cloud. 15 new titles are joining the GeForce NOW library this month.
Leading the Ma...
04/03/2026
Lega Basket Serie A (LBA), the governing body for Italy's premier basketball...
04/03/2026
Wrexham AFC co-chairmen Rob Mac and Ryan Reynolds will host a first-of-its-kind ...
04/03/2026
The countdown is underway and with just 100 days to go until the world's greatest sporting event begins on Thurs., June 11, FOX Sports, America's Englis...
04/03/2026
No matter where they are in the world, service members and veterans can stream N...
04/03/2026
Telemundo officially releases Somos M s, the anthem for the network's cove...
04/03/2026
The Hollywood Professional Association (HPA) concluded the 2026 HPA Tech Retreat, convening more than 800 industry leaders, technologists, creatives, and execut...
04/03/2026
Smith Entertainment Group transformed how local sports are consumed by creating ...
04/03/2026
The production method, which spans a distance of 36.2 miles, was designed and im...
04/03/2026
Haivision, a global provider of mission-critical, real-time video networking and...
04/03/2026
When Hugues Meyrath came out of retirement to take the helm as CEO of Quantum, i...
04/03/2026
Last week's launch of Banana Ball Championship League has spurred a significant upgrade of production facilities
The Savannah Bananas, arguably the hottest...
04/03/2026
sldkfjsdlfkjsldkfjsldkjfslkdjfslkdjfsl
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus...
04/03/2026
For many fans, a song's backstory can be just as compelling as the final pro...
04/03/2026
In 2006, Spotify was founded on the belief that technology could bring artists a...
04/03/2026
Spotify is back on the ground for the Houston Livestock Show and Rodeo, and we&#...
04/03/2026
Spotify had an energizing week in Sydney, Australia, filled with powerful conver...
04/03/2026
Earlier this year, we launched Directed By, a documentary-style series that pull...
04/03/2026
100 Days to Go: SBS Unveils World Class Team for The Greatest Show on Earth -The...
04/03/2026
KT and Rohde & Schwarz to showcase AI-enhanced radio transmission performance In a joint 6G AI proof-of-concept demonstration, the CMX500 one-box tester from ...
04/03/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
04/03/2026
Luxembourg, 3 March 2026 - SES S.A. has today published its 2025 Annual Report, following the announcement of the company's full year financial results for ...
04/03/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
04/03/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
04/03/2026
Luxembourg, March 3, 2026 - SES, a leading space solutions company, along with I...
04/03/2026
04 Mar 2026
VEON Partners with GSMA Innovation Fund to Accelerate Digital Innov...
04/03/2026
04 Mar 2026
VEON's Beeline Uzbekistan and Rakuten Symphony Partner for Open...
04/03/2026
Wednesday 4 March 2026
Sky Sports unveils plans for 2026 Formula 1 coverage
Sky Sports is preparing for one of the most highly anticipated F1 seasons in recen...
04/03/2026
Back to All News
Bloodhounds' Season 2 Gears Up for April 3 Premiere with ...
04/03/2026
Back to All News
Netflix Ads Suite Expands Capabilities
Business
04 March 2026
GlobalUnited States
Link copied to clipboard
After launching the Netflix Ad...
04/03/2026
Scripps Research welcomes healthcare innovator Joe Kiani to the Board of Directors Kiani brings decades of experience in patient safety and public service.
Mar...
04/03/2026
Nanoparticle vaccine approach takes on a new target: Hepatitis C virus Scripps Research scientists reengineer critical proteins on the surface of HCV, paving th...
03/03/2026
Beyond Sports, a Sony group company, and LIV Golf, the world's golf league, ...
03/03/2026
Ilitch Sports + Entertainment announces the launch of Detroit SportsNet (DSN), a year-round broadcast home for two of Detroit's franchises. With flexible op...
03/03/2026
Advanced Systems Group, LLC (ASG), a technology and services provider for media ...
03/03/2026
The PGA of America, NBC Sports and USA Sports extend their media rights agreemen...
03/03/2026
AI device ecosystem company HONOR enters into a strategic technical collaboratio...
03/03/2026
Cleveland's Telos Alliance, pioneers in broadcast technology for 30 years, l...
03/03/2026
The MD 9235 microphone head for wireless handhelds has been a firm favorite with many engineers and artists for its ability to cut through high on-stage levels ...
Akamai Threat Research: Phishing and Credential Stuffing Attacks Remain Top Threat to Financial Services Organizations and Customers Latest State of The Internet / Security Report Observes 3.5 Billion Malicious Login Attempts Targeting the Financial Services Sector; Illustrates Akamai's Unique Threat Visibility 
