Security News > 2021 > May > 3.4 billion credential stuffing attacks hit financial services organizations

Akamai published a report that provides an analysis of both global and financial services-specific web application and credential stuffing attack traffic, revealing significant increases across the attack surfaces year over year from 2019 to 2020.

In 2020, there were 193 billion credential stuffing attacks globally, with 3.4 billion hitting financial services organizations specifically - an increase of more than 45% year-over-year in the sector.

Akamai observed nearly 6.3 billion web application attacks in 2020, with more than 736 million targeting financial services - which represents an increase of 62% from 2019.

SQL Injection attacks remained in the top spot across all business types globally, making up 68% of all web application attacks in 2020, with Local File Inclusion attacks coming in second at 22%. However, in the financial services industry, LFI attacks were the number one web application attack type in 2020 at 52%, with SQLi at 33% and Cross-Site Scripting at 9%. Over the past three years, DDoS attacks against the financial services sector grow by 93%, indicating that systemic disruption remains an objective for criminals, who target services and applications required for daily business.

"The ongoing, significant growth in credential stuffing attacks has a direct relationship to the state of phishing in the financial services industry," said Steve Ragan, Akamai security researcher and author of the report.

"It's important to remember that employees are consumers too, and with the prevalence of work from home, as well as mobile device usage in corporate environments, criminals are not shy about attacking people no matter where they are, which explains the recent growth in SMS-based phishing attacks."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/DSwFvD4ZfWU/