From May 2019 and continuing on until the end of the year, there was a dramatic shift by criminals who started targeting APIs, in an effort to bypass security controls. According to data from Akamai, up to 75% of all credential abuse attacks against the financial services industry targeted APIs directly.
According to the reports findings, from December 2017 through November 2019, 85,422,079,109 credential abuse attacks were observed. Nearly 20 percent, or 16,557,875,875, were against hostnames that were clearly identified as API endpoints. Of these, 473,518,955 attacked organizations in the financial services industry.
But not all attacks were exclusively API focused. On August 7, 2019, the single largest credential stuffing attack against a financial services firm was recorded, consisting of 55,141,782 malicious login attempts.
This attack was a mix of API targeting, and other methodologies. On August 25, in a separate incident, the criminals targeted APIs directly, in a run that consisted of more than 19 million credential abuse attacks.
Criminals are getting more creative and hyper-focused on how they go about obtaining access to the things they need to conduct their crimes, said Steve Ragan, Akamai security researcher and principal author of the State of the Internet / Security report.
Criminals targeting the financial services industry pay close attention to the defenses used by these organizations, and adjust their attack patterns accordingly.
Indicative of this fluid attack dynamic, the report shows that criminals continue to seek to expose data through a number of methods, in order to gain a stronger foothold on the server and ultimately achieve success in their attempts.
SQL Injection (SQLi) accounted for more than 72% of all attacks when looking at all verticals during the 24-month period observed by the report. That rate is halved to 36% when looking at financial services attacks alone. The top attack type against the financial services sector was Local File Inclusion (LFI), with 47% of observed traffic.
XSS was the third-most common type of attack against financial services, with a recorded 50.7 million attacks, or 7.7% of the observed attack traffic.
The report also shows that criminals continue to leverage DDoS attacks as a core component of their attack arsenal, particularly as it relates to targeting financial services organizations.
Observations from November 2017 until October 2019, show the financial services industry ranking third in attack volume, with gaming and high tech being the most common targets. However, more than forty percent of the unique DDoS targets were in the financial services industry, which makes this sector the top target when considering unique victims.
Security teams need to constantly consider policies, procedures, workflows, and business needs all while fighting off attackers that are often well organized and well-funded, Ragan concluded. Our data shows that financial services organizations are constantly improving by adopting fluid security postures, forcing criminals to change their tactics.
See the original post:
Most credential abuse attacks against the financial sector targeted APIs - Help Net Security
- Will Social Distancing Break the Internet? - Security Boulevard - April 6th, 2020
- MANRS to help secure large hubs of the internet from common routing problems - Help Net Security - April 6th, 2020
- Mozilla Fixes Two Firefox Critical Vulnerabilities Exploited in the Wild - Security Boulevard - April 6th, 2020
- Join launches Extended Workplaces VPN to enable security and access for those working from home - Yahoo Finance - April 6th, 2020
- Internet Security Software Market Trends, Growth, Scope, Size, Overall Analysis and Forecast by 2025 - Express Journal - April 6th, 2020
- A Must For Millions, Zoom Has A Dark Side And An FBI Warning - NPR - April 6th, 2020
- 2020 Internet Of Things 50: Realizing The Promise Of IoT - CRN: Technology news for channel partners and solution providers - April 6th, 2020
- Worried about using Zoom? Here are video tips and alternatives - AZCentral - April 6th, 2020
- Partnerships, Cooperation Key to Long-Term Gov Tech Success - Government Technology - April 6th, 2020
- Employment Security working to expand capacity due to to surge in COVID-19 Unemployment Claims - Taylorsville Times - April 6th, 2020
- Work from home: Securing RDP and remote access - We Live Security - April 6th, 2020
- Russian Security Hacking the 'Internet of Things' - Byline Times - April 2nd, 2020
- Unpacking TikTok, Mobile Apps and National Security Risks - Lawfare - April 2nd, 2020
- CDN and cloud suppliers join routing security initiative - ComputerWeekly.com - April 2nd, 2020
- Setting up home-based office solutions busy business for Cape Breton company - The Telegram - April 2nd, 2020
- Society's Dependence on the Internet: 5 Cyber Issues the Coronavirus Lays Bare - Nextgov - April 2nd, 2020
- Open Source Code - The Future of User Privacy - Privacy News Online - April 2nd, 2020
- GLOBAL INTERNET SECURITY FIREWALL MARKET LATEST DEVELOPMENTS, SHARES, AND STRATEGIES EMPLOYED BY THE MAJOR PLAYERS - The Fuel Fox - March 30th, 2020
- Coronavirus Proves We Need the Internet Now More than Ever Before - The National Interest - March 30th, 2020
- The story behind that little padlock in your browser - Horizon magazine - March 30th, 2020
- Finder helps secure the Internet in a time of crisis - CMO - March 30th, 2020
- New Security Report from WatchGuard Shows Explosion in Evasive Malware - socPub - March 30th, 2020
- One senator wants vendors to ensure their internet connectivity devices are secure - fifthdomain.com - March 30th, 2020
- How a VPN works - The Upcoming - March 30th, 2020
- Cryptocurrency Wallets: Everything You Ever Wanted To Know - hackernoon.com - March 30th, 2020
- Sentrybay and Raqmiyat on delivering secure work from home solutions - Tahawul Tech - March 30th, 2020
- Dot-com price rises on their way over the next four years: ICANN approves Verisign contract, walks off with $20m - The Register - March 30th, 2020
- Global Internet Security Market Overview By Threats, Major Opportunities, Drivers, Risk Analysis and Trends - Sound On Sound Fest - March 30th, 2020
- These are the companies offering free software during the coronavirus crisis - IT PRO - March 30th, 2020
- The real insider threat is the use of security software - TechRadar - March 23rd, 2020
- EFF and COVID-19: Protecting Openness, Security, and Civil Liberties - EFF - March 23rd, 2020
- Preparing for November's election must be a national priority | TheHill - The Hill - March 23rd, 2020
- COVID-19 decoy doc, Cloudflare tools used to spread Blackwater malware - SC Magazine - March 23rd, 2020
- Technology saves the day as Kenyan firms send staff to work from home - The East African - March 23rd, 2020
- In Industrial Realm, Trustworthy Software Ensures - IoT World Today - March 23rd, 2020
- Security Software in Telecom Market is Growing Rapidly Due to Increasing Internet Penetration - Press Release - Digital Journal - March 23rd, 2020
- How safe is your brand in the hands of a remote workforce? - Bizcommunity.com - March 23rd, 2020
- Do Netflix And YouTube Really Need To Slash Video Quality To Save The Internet? - Forbes - March 23rd, 2020
- How Organizations Can Retain Talent Amidst the Infosec Skills Gap - tripwire.com - March 23rd, 2020
- Hackers are preying on fears of Covid-19, says cyber security experts - Hindustan Times - March 23rd, 2020
- These Jaw-Dropping Facts Will Change Your Mind About the Internet of Things - The Motley Fool - March 23rd, 2020
- Security Think Tank: Amid panic, how to find a sound level of security - ComputerWeekly.com - March 23rd, 2020
- As universities shut their doors, international students are left in limbo - The Verge - March 23rd, 2020
- Keeping content safe in the IP era | Industry Trends - IBC365 - March 23rd, 2020
- Students concerned with lack of internet access, job security in light of online transition - University of Virginia The Cavalier Daily - March 23rd, 2020
- How Safe is Your Brand in the Hands of a Remote Workforce? - Techfinancials.co.za - March 23rd, 2020
- US Bureau of Census : PRESS RELEASE | MARCH 20, 2020 Statement on 2020 Census Internet Response Security Precautions To protect the integrity of the... - March 23rd, 2020
- Fake coronavirus news is spreading faster than the virus - The Star Online - March 23rd, 2020
- Facebook didnt have to be this way - BusinessLine - March 23rd, 2020
- How Are Digital Natives Shaping the Future of Data Privacy? - Infosecurity Magazine - March 23rd, 2020
- Zero Trust Internet is the Answer - Infosecurity Magazine - March 23rd, 2020
- German government prepares for internet censorship and deployment of the armed forces - World Socialist Web Site - March 23rd, 2020
- Internet of Things (IoT) Security Technology Market Is Expected To Thrive At Impressive Cagr By 2027 Key Players:... - March 23rd, 2020
- Norton Secure VPN - The cocoon of cybersecurity - Blasting News United States - March 13th, 2020
- New rules proposed to boost security of home routers - The Straits Times - March 13th, 2020
- Leaders should act now to counter national security threat to US elections | TheHill - The Hill - March 13th, 2020
- Cybersecurity 2020: The Trends SMBs will Need to Prepare For - CISO MAG - March 13th, 2020
- Namecheap, EFF and the Dangerous Internet Wild West - CircleID - March 13th, 2020
- EARN IT Act threatens end-to-end encryption - Naked Security - March 13th, 2020
- Apples WWDC 2020 is on in a purely digital way - Pickr - March 13th, 2020
- The EARN IT Bill Is the Government's Plan to Scan Every Message Online - EFF - March 13th, 2020
- The pitfalls of being an influencer: What parents should know and do - We Live Security - March 13th, 2020
- 25 tips for navigating the internet today - Alton Telegraph - March 13th, 2020
- Interos Raises $17.5M from Venrock and Kleiner Perkins to Grow Third-Party Risk Management Platform - GlobeNewswire - March 13th, 2020
- Why Are Internet Security Standards Badly Deployed and What to Do About It? - CircleID - March 12th, 2020
- The Internet of Things is a security nightmare reveals latest real-world analysis: unencrypted traffic, network crossover, vulnerable OSes - The... - March 12th, 2020
- How The Internet Of Things Can Transform Workplace Safety | Baird Capital | Security News - SecurityInformed - March 12th, 2020
- The Internet Avoided a Minor Disaster Last Week - WIRED - March 12th, 2020
- Applying the 80/20 rule to cloud security - Help Net Security - March 12th, 2020
- Internet Security Audit Market Report 2020: Acute Analysis of Global Demand and Supply 2025 with Major Key Player: Symantec, Intel Security, IBM,... - March 12th, 2020
- The Hidden Dangers of China's Digital Silk Road - The National Interest - March 12th, 2020
- Students Showed Trend Micro a World Without the Internet - Business Wire - March 12th, 2020
- Android anti-virus products put to the test which are the best at stopping new malicious apps? - Graham Cluley Security News - March 12th, 2020
- Internet security Market 2020 | Applications, Challenges, Growth, Shares, Trends and Forecast To 2026 - Packaging News 24 - March 5th, 2020
- Eight ways to improve cyber-hygiene in the enterprise - Security Boulevard - March 5th, 2020
- The Top 8 Concerns for CISOs in 2020 - Security Boulevard - March 5th, 2020
- iboss Wins Customer Service Department of the Year - Computer Services Silver Award in the 2020 Stevie Awards for Sales and Customer Service - Yahoo... - March 5th, 2020
- 2020 Premium Ethical Hacking Certification Bundle Is Up For A Limited Time Discount Offer Avail Now - Wccftech - March 5th, 2020
- These are the first passwords hackers will try when attacking your device - ZDNet - March 5th, 2020
- US threatens to pull big techs immunities if child abuse isnt curbed - TechCrunch - March 5th, 2020