Dark Web-leaked banking credentials leap 129 percent

A new report into the financial services threat landscape shows that there has been a huge increase in the number of banking credential leaks, while instances of compromised credit cards increased by 212 percent year-on-year.

The report from threat protection platform IntSights reveals many of the leaked credentials came from the Collection #1 database of over 773 million unique email addresses and 21 million unique passwords released onto the Dark Web in January this year.

Financial services organizations were targeted in 25.7 percent of all malware attacks last year, more than any of the other 27 industries tracked. While financial organizations based in developing countries, namely in Latin America, Africa, and South Asia, experienced attacks more frequently than those in developed regions of the world.

The report also highlights flaws in SS7 being used to intercept SMS messages employed to authorize payments. The UK's Metro Bank became the first publicly identified victim of this type of attack in February.

Other attack vectors include ATM malware, ransomware, DDoS and a number of mobile banking attacks including fake apps and Trojans.

"Threat actors are using tactics like social media impersonation, malicious mobile applications, and phishing schemes to circumvent corporate networks and leverage organizations' brands to trick users and run scams," says Hadar Rosenberg, threat intelligence research analyst at IntSights. "While these tactics are not always direct attacks against a corporate system, they can be incredibly damaging and costly. This is why organizations need to be operating in the external threat environment, monitoring potential threats before they manifest into attacks."

You can find out more in the full report available on the IntSights site.

Photo Credit: Dmitry Molchanov/Shutterstock