Security News > 2020 > February > Stuffing nonsense: Persistent cyberpunks are pummelling banks' public APIs, warns Akamai
The web services 'n' security biz said, in a report released today, that three-quarters of all credential abuse attacks it detected in 2019 were targeted at banks' publicly available APIs.
Akamai said it had "Observed 85,422,079,109 credential abuse attacks" over two years, spanning December 2017 to November last year.
The firm said in a statement: "On August 7, 2019, Akamai recorded the single largest credential stuffing attack against a financial services firm, in our company's history, consisting of 55,141,782 malicious login attempts. This attack was a mix of API targeting, and other methodologies."
SQL injection attacks accounted for around 72 per cent of all attacks during the two-year period examined in the report.
The top attack type against the financial services sector was Local File Inclusion, Akamai said, accounting for just under half of observed traffic.