Credential stuffing attacks target financial services
A new report from cloud delivery company Akamai reveals that the financial services industry has become a prime target for credential stuffing botnets.
Between May and June 2018, Akamai detected more than 8.3 billion malicious login attempts. However, many botnets attempt to remain in stealth mode for as long as possible.
The report highlights two attacks on financial services sites. In one, a botnet caused a major financial company's login attempts to spike from an average of approximately 50,000 an hour to over 350,000 in one afternoon. In the other, a credit union was attacked by three botnets at the same time; the most dangerous was not the biggest, but the one that kept up a sustained, lower-level attack over a longer period so as not to arouse suspicion.
The US, Russia, and Vietnam are the largest sources of credential stuffing attacks, according to the findings. The US was responsible for 2.8 billion malicious login attempts and Russia for 1.5 billion. The US is also the largest target; the likely reason is that usernames and passwords from compromised sites are used to build 'dictionaries' that are traded or sold and used by botnets. One such dictionary released earlier this year contained nearly 1.4 billion records. As more breaches occur in other countries, the attack trend may shift away from the US.
What's worrying is that 40 percent of financial organizations don't have a business unit or function to address credential stuffing attacks. Many prefer not to think about an attack until it's happened. As a result, enterprises are losing credibility and profit because there are no protocols in place to prevent these attacks.
"Our research shows that the people carrying out credential stuffing attacks are continuously evolving their arsenal. They vary their methodologies, from noisier, volume-based attacks, through stealth-like 'low and slow'-style attacks," says Martin McKeay, senior security advocate at Akamai and lead author of the State of the Internet / Security report. "It's especially alarming when we see multiple attacks simultaneously affecting a single target. Without specific expertise and tools needed to defend against these blended, multi-headed campaigns, organizations can easily miss some of the most dangerous credential attacks."
The full report is available to download from the Akamai website.