Criminals target APIs to attack financial services systems

No Comments

Intelligent APIs

In the year to November 2019, 75 percent of all credential abuse attacks against the financial services industry targeted APIs directly, according to a new report.

The research from Akamai observed 85,422,079,109 credential abuse attacks. Nearly 20 percent, or 16,557,875,875, of these were against host names that were clearly identified as API endpoints. Of these, 473,518,955 attacked organizations in the financial services industry.

In August the company recorded the single largest credential stuffing attack against a financial services firm in its history, consisting of 55,141,782 malicious login attempts.

"Criminals are getting more creative and hyper-focused on how they go about obtaining access to the things they need to conduct their crimes," says Steve Ragan, Akamai security researcher and principal author of the State of the Internet / Security report. "Criminals targeting the financial services industry pay close attention to the defenses used by these organizations, and adjust their attack patterns accordingly."

Across all industries SQL injection accounted for 72 percent of attacks, but this halves to 36 percent for financial services businesses. Local File Inclusion (LFI) attacks, that exploit various scripts running on servers and can be used to force sensitive information disclosure, accounted for 47 percent of financial services attacks.

The report also shows that DDoS remains a key weapon in the cybercriminal arsenal. While gaming and technology were most targeted, more than 40 percent of unique DDoS targets are in the financial services sector.

"Security teams need to constantly consider policies, procedures, workflows, and business needs -- all while fighting off attackers that are often well organized and well-funded," Ragan concludes. "Our data shows that financial services organizations are constantly improving by adopting fluid security postures, forcing criminals to change their tactics."

The full Akamai 2020 State of the Internet / Security Report is available now and there will be a webinar tomorrow (Feb 20) to discuss attack patterns and how to defend against them.

Image Credit: totallyPic.com / Shutterstock

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

TEAMGROUP unveils MP44Q M.2 PCIe 4.0 SSD

Cyberwarfare incidents reported by almost half of UK firms

Ransomware, meet DRaaS: The future of disaster mitigation

Get 'Modern DevOps Practices -- Second Edition' (worth $39.99) for FREE

Number of ransomware victims up 20 percent in first quarter of 2024

Low-code tools boost developer productivity

Cisco warns of serious CLI command injection vulnerability in its Integrated Management Controller

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

61 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

16 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

16 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

EndeavourOS ARM discontinued: A huge loss for the Linux community

9 Comments

Install the KB5035942 update for Windows 11 to gain all of the Moment 5 features right now

8 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.