Credential-stuffing attacks reach new high as finance sector targeted

(Image credit: Image source: Shutterstock/alexskopje)

Half of organisaions hit by a cyberattack during the past year was from the financial services industry. This is according to a new report by Akamai, which also states that credential stuffing is on the rise, as well. A total of 3.5 billion attempts were recorded in the last year and a half.

Since early December last year, up until May, Akamai discovered almost 200,000 phishing domains, with two thirds targeting directly consumers.  Out of those two thirds, half targeted companies in the financial services industry.

If successful in obtaining valuable data, criminals proceed to access, and open bank fake accounts under the victim’s name in order to syphon out the funds. The bulk of data they obtain, including name, address, date of birth, Social Security details, driver’s license information, and credit score is usually called a “fullz”.

They access the fraudulent accounts via remote desktop servers, mimicking the geographic location of the bank, as well as the “fullz”.  

Almost all observed attacks (94 per cent) against the financial sector come through four methods: SQL Injection, Local File Inclusion, Cross-Site Scripting and OGNL Java Injection.

Hackers are also employing DDoS attacks as means of distraction, while they stuff the service with credentials until they get one right.

“Attackers are targeting financial services organisations at their weak points: the consumer, web applications and availability, because that’s what works,” said Martin McKeay, Security Researcher at Akamai and Editorial Director of the State of the Internet / Security Report.

“Businesses are becoming better at detecting and defending against these attacks, but point defences are bound to fail. It requires being able to detect, analyse, and defend against an intelligent criminal who’s using multiple different types of tools for a business to protect its customers. For more than twenty years, Akamai has been leveraging its unique visibility into the full spectrum of attacks to help protect customers from these types of ever-evolving nefarious activities.”