STOCK TITAN

Akamai Security Research: Financial Services Continues Getting Bombarded with Credential Stuffing and Web Application Attacks

Rhea-AI Impact
(Low)
Rhea-AI Sentiment
(Negative)
Tags
Rhea-AI Summary

Akamai Technologies, Inc. released its State of the Internet/Security report, highlighting a significant rise in cyber threats to financial services in 2020. Credential stuffing attacks surged to 193 billion globally, with 3.4 billion targeting financial organizations, marking a 45% year-over-year increase. Web application attacks reached nearly 6.3 billion, with financial services seeing a 62% rise. The report also analyzed phishing kits, revealing the Kr3pto kit targeted 11 UK banks, while Ex-Robotos focused on corporate phishing. The findings emphasize the growing risk of cyber threats in the financial sector.

Positive
  • A 45% year-over-year increase in credential stuffing attacks targeting financial services, showcasing heightened awareness of security risks.
  • A 62% increase in web application attacks against financial services, indicating a growing market for Akamai's protective solutions.
  • Collaboration with WMC Global enhances threat intelligence, providing deeper insights into phishing strategies.
Negative
  • The exponential growth in credential stuffing and web application attacks could indicate potential vulnerabilities in the financial sector.
  • DDoS attacks against the financial services sector grew by 93% from 2018 to 2020, signaling a persistent threat landscape.

CAMBRIDGE, Mass., May 19, 2021 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the world's most trusted solution for protecting and delivering digital experiences, today published the State of the Internet / Security report: Phishing for Finance. The report provides an analysis of both global and financial services-specific web application and credential stuffing attack traffic -- revealing significant increases across the attack surfaces year over year from 2019 to 2020.

The report also features a collaboration between Akamai and WMC Global researchers that examined two specific phishing kits: 'Kr3pto' and 'Ex-Robotos'. Kr3pto has targeted customers of 11 UK banking brands, and Ex-Robotos has aimed its scams at corporate employees.

By The Numbers

In 2020, Akamai saw 193 billion credential stuffing attacks globally, with 3.4 billion hitting financial services organizations specifically -- an increase of more than 45% year-over-year in the sector.

Akamai observed nearly 6.3 billion web application attacks in 2020, with more than 736 million targeting financial services -- which represents an increase of 62% from 2019.

SQL Injection (SQLi) attacks remained in the top spot across all business types globally, making up 68% of all web application attacks in 2020, with Local File Inclusion (LFI) attacks coming in second at 22%. However, in the financial services industry, LFI attacks were the number one web application attack type in 2020 at 52%, with SQLi at 33% and Cross-Site Scripting at 9%.

Over the past three years (2018-2020), Akamai saw DDoS attacks against the financial services sector grow by 93%, indicating that systemic disruption remains an objective for criminals, who target services and applications required for daily business.

Threat Intelligence Collaboration

For this report, Akamai partnered with threat intelligence company WMC Global. The researchers at WMC Global are experts at understanding SMS phishing (smishing) and the toolkits that criminals devise to make their attacks possible. This unique collaboration examined two specific phishing kits: 'Kr3pto' and 'Ex-Robotos'.

"The ongoing, significant growth in credential stuffing attacks has a direct relationship to the state of phishing in the financial services industry," said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report. "Criminals use a variety of methods to augment their credential collections, and phishing is one of the key tools in their arsenal. By targeting banking customers and employees in the sector, criminals increase their pool of potential victims exponentially."

The Kr3pto phishing kit, which targets financial institutions and their customers via SMS, has been observed spoofing 11 brands in the UK, across more than 8,000 domains since May 2020. WMC Global tracked more than 4,000 campaigns linked to Kr3pto targeting victims via SMS messaging over 31 days in Q1 2021.

Ex-Robotos is a phishing kit that essentially sets a benchmark when it comes to corporate credential phishing. According to data from the Akamai Intelligent Edge Platform, there were more than 220,000 hits to the API IP address used for Ex-Robotos over a span for 43 days. In fact, traffic to that address reached a peak of tens of thousands of hits per day on average between January 31 and February 5, 2021.

"Kits like Kr3pto and Ex-Robotos are just two of the many kits targeting corporations and consumers today," said Jake Sloane, Senior Threat Hunter at WMC Global. "It's important to remember that employees are consumers too, and with the prevalence of work from home, as well as mobile device usage in corporate environments, criminals are not shy about attacking people no matter where they are, which explains the recent growth in SMS-based phishing attacks."

"By partnering with WMC Global for this report, we were able to expand on our existing coverage of the financial sector and offer a wider range of details into the attacks that financial organizations face on a daily basis," added Ragan.

Read the Akamai 2021 State of the Internet / Security report: Phishing for Finance, on our State of the Internet page.

For additional information, the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape by visiting Akamai's Threat Research Hub.

About Akamai

Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone — and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations.

Contacts:
Tim Whitman                                                                          Tom Barth
Media Relations                                                                      Investor Relations                  
617-444-3019                                                                          617-274-7130
twhitman@akamai.com                                                         tbarth@akamai.com 

Cision View original content to download multimedia:http://www.prnewswire.com/news-releases/akamai-security-research-financial-services-continues-getting-bombarded-with-credential-stuffing-and-web-application-attacks-301292576.html

SOURCE Akamai Technologies, Inc.

FAQ

What does the latest State of the Internet report by Akamai reveal about phishing attacks in financial services?

The report shows a significant increase in credential stuffing attacks, with 3.4 billion attacks targeting financial services in 2020, a 45% rise from the previous year.

How many web application attacks were recorded in 2020 according to Akamai?

Akamai reported nearly 6.3 billion web application attacks in 2020, with over 736 million aimed at financial services.

What are the key phishing kits mentioned in Akamai's report?

The report highlights two phishing kits: 'Kr3pto,' which targets UK banking customers, and 'Ex-Robotos,' focused on corporate credential phishing.

What was the percentage increase in web application attacks in the financial services sector from 2019 to 2020?

Web application attacks in the financial services sector increased by 62% from 2019 to 2020.

What is the significance of Akamai's partnership with WMC Global in their latest report?

The partnership enhances Akamai's threat intelligence capabilities, allowing for a deeper understanding of phishing tactics in the financial sector.

Akamai Technologies Inc

NASDAQ:AKAM

AKAM Rankings

AKAM Latest News

AKAM Stock Data

13.14B
150.23M
1.84%
98.8%
5.27%
Software - Infrastructure
Services-business Services, Nec
Link
United States of America
CAMBRIDGE