Akamai State of the Internet Report Tracks Cybercriminals’ Focus on Financial Sector

On July 31, content delivery network services provider Akamai released its 2019 State of the Internet/Security Financial Services Attack Economy Report.  In that report, which focused particularly on online attacks directed at the financial sector, Akamai’s findings included the following:

  • Phishing Domains: Between December 2, 2018, and May 4, 2019, Akamai detected 197,524 phishing domains. Of those domains, 66 percent (130,242) targeted consumers, and 34 percent (67,282) targeted enterprises.
  • Focus on Financial Sector: All (100 percent) of the phishing domains targeting enterprise victims were impersonating sites from the high-tech industry.  When only the 130,242 phishing domains targeting consumers were considered, however, financial organizations accounted for the highest number of phishing domains (45,389, 34.8 percent).  Other sector categories among those phishing domains were high-tech (31,795, 24.4 percent),  online retail (12,928, 9.9 percent), media (12,868, 9.9 percent), and social (12,202, 9.4 percent).  Notably, 50 percent of the unique organizations impersonated by the tracked phishing domains were within the financial sector.
  • Number of New Phishing Domains: Over time, the number of new phishing domains targeting consumers remained steady, with a single dramatic spike on December 20, 2018, during the holiday shopping season.
  • Credential Stuffing: “Credential stuffing” is a hacking technique in which hackers take a large number of usernames and passwords leaked from one breach “and try to ‘stuff’ those credentials into the login page of other digital services.” Over 18 months of credential stuffing attacks, from November 2017 through April 2019, Akamai observed 57,970,472,311 malicious login attempts, of which 3,547,533,230 (6.1 percent) were against financial services organizations.
  • Web Attacks Against Financial Services Subverticals: Of all web attacks against financial services segments, just over half (50.6 percent) targeted banking, while cards and payments accounted for 15.7 percent, insurance 14.5 percent, financial exchanges 8.6 percent, and asset management 5.7 percent.
  • Distributed Denial of Service Attacks: Between November 2017 and April 2019, the gaming sector experienced the highest Distributed Denial of Service (DDoS) attack volume (nearly 9,000 attacks), but the financial sector had the most unique DDoS targets (more than 40 percent) as well as the most malicious traffic in terms of attack density.
  • Sales of Bank Drops: The report included some examples of going rates for “bank drops” – “packages of data and services that can be used to open accounts at a given financial institution,” which include “a person’s stolen identity (sometimes called ‘fullz’), including full name, address, date of birth, Social Security number, driver’s license data, credit score details, and access to a secure Remote Desktop Protocol (RDP) connection for one month.”  Drops at two major banks were selling for $150, $200, and $250 per account, the price variations stemming from the additional services offered.  “Another seller had a cache of drops available for one of seven different consumer banks . . . at prices ranging from $300 to $400.”  For both sellers, should a bank detect the drops and close accounts, “both sellers were willing to offer replacements free of charge under certain circumstances.”
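A detection check for the credential-stuffing pattern described in the bullets above, added here as an example that is not from Akamai’s report or the original post. The log format, the sample lines and the thresholds are constructed assumptions; the point is that stuffing shows up as one source failing against many distinct accounts, which per-account lockouts alone do not catch.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not from the report): "<ISO time> <src ip> <username> <OK|FAIL>".
# 203.0.113.7 tries one leaked credential pair per account across many accounts (stuffing);
# 198.51.100.9 is one legitimate user who mistypes a password twice.
SAMPLE_LOG = """\
2019-04-01T10:00:01Z 203.0.113.7 alice FAIL
2019-04-01T10:00:02Z 203.0.113.7 bob FAIL
2019-04-01T10:00:03Z 203.0.113.7 carol FAIL
2019-04-01T10:00:04Z 203.0.113.7 dave OK
2019-04-01T10:00:05Z 203.0.113.7 erin FAIL
2019-04-01T10:00:06Z 203.0.113.7 frank FAIL
2019-04-01T10:00:07Z 203.0.113.7 grace FAIL
2019-04-01T10:00:08Z 198.51.100.9 heidi FAIL
2019-04-01T10:00:20Z 198.51.100.9 heidi FAIL
2019-04-01T10:00:31Z 198.51.100.9 heidi OK
"""

def detect_credential_stuffing(log, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Return {src_ip: distinct failed usernames} for sources that fail logins against at least
    min_users *distinct* accounts inside any sliding window, with a failure ratio >= min_fail_ratio.
    The signal is breadth of usernames per source, not depth of attempts per username."""
    events = defaultdict(list)
    for line in log.splitlines():
        if line.strip():
            ts, ip, user, result = line.split()
            events[ip].append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start, fails, failed_users = 0, 0, Counter()
        for end, (ts, user, result) in enumerate(evs):
            if result == "FAIL":
                failed_users[user] += 1
                fails += 1
            # slide the window start forward, dropping events older than `window`
            while ts - evs[start][0] > window:
                _, old_user, old_result = evs[start]
                if old_result == "FAIL":
                    fails -= 1
                    failed_users[old_user] -= 1
                    if failed_users[old_user] == 0:
                        del failed_users[old_user]
                start += 1
            total = end - start + 1
            if len(failed_users) >= min_users and fails / total >= min_fail_ratio:
                flagged[ip] = max(flagged.get(ip, 0), len(failed_users))
    return flagged
```

Running `detect_credential_stuffing(SAMPLE_LOG)` flags only the spraying source; the legitimate user with repeated failures on a single account is not reported.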

Note: Information-security and compliance officers at financial firms should share this report with their teams, not least because of the fairly recent data it includes. The report concludes on several optimistic notes, saying that the financial services industry “spends billions on security each year” and has “made the criminal economy come out from the shadows,” and that “there is no assured success in any of these criminal endeavors.” Even so, cybercriminals would not be attacking the financial sector on such a sustained basis if their overall returns on investment were anything less than superior.
