state of the internet / security | financial services attack economy infographic … ·...

Post on 01-Aug-2020

Page 1: State of the Internet / Security | Financial Services Attack Economy Infographic … · 2020-07-15 · This infographic compiles important statistics and figures from the 2019 SOTI

Akamai secures and delivers digital experiences for the world’s largest companies. Akamai’s intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps, and experiences closer to users than anyone — and attacks and threats far away. Akamai’s portfolio of edge security, web and mobile performance, enterprise access, and video delivery solutions is supported by unmatched customer service, analytics, and 24/7/365 monitoring. To learn why the world’s top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations. Published 08/19.

A PROFITABLE PHISHING INDUSTRY

Application-Layer Attacks Become More Frequent

SUBSIDIARY DDOS ATTACKS

Criminals use high-density DDoS attacks to distract security teams from credential stuffing and web attacks

AUTOMATED CREDENTIAL STUFFING

Download the full report for a more complete tour of the financial services criminal economy

[state of the internet] / security Financial Services Attack Economy Volume 5, Issue 4

GOING WHERE THE MONEY IS

A brief tour of the financial services criminal economy

DOWNLOAD THE FULL REPORT

THE FINANCIAL SERVICES SECTOR ATTRACTS A SIGNIFICANT SHARE OF CRIMINAL ACTIVITY

CONCENTRATED WEB ATTACKS

4 Vectors Account for 94% of Web Application Attacks

SQLi 41.63%

XSS 9.88%

LFI 40.63%

OGNL Java Injection 2.08%

New phishing domains detected December 2, 2018 – May 4, 2019

197,524

New phishing domains detected in this period that targeted financial services consumers

34%

Lost to the Business Email Compromise (BEC) phishing variant in 2018

$13.2 billion

7,378,074

Global malicious login attempts

6.1%

Unique DDoS targets

42.2%

Web application attacks

9.2%

Consumer-targeted phishing domains

50%

Repelling a SYN-ACK attack once landed financial institution IP addresses on a blacklist of malicious actors, bringing reputational damage on the spam registry

Total failed login attempts against financial institutions observed over a 14-day period

37% Of logins authenticated via OFX v1.x failed

33% Of logins failed

DDoS Attack Density Measured in Packets per Second

New State of the Internet / Security Report Financial Services Attack Economy

1,735,264,281 Median bps

Financial Services

1,016,437,307 Median bps

Other Industries

DDoS Attack Density Measured in Bits per Second

DDoS Attack Density Measured in Packets per Second

Why Credential Stuffing Attacks Work

Recycled Passwords

Why Accounts Are Targeted

Same email address or username discovered in multiple breaches

#1

530,723 Median pps

Financial Services

170,085 Median pps

Other Industries

A high percentage of failed logins is evidence of credential stuffing attacks. For more evidence, download the full State of the Internet / Security report here.

“I received an email from my bank telling me that my services online and via phone were suspended ... due to multiple attempts using [incorrect] credentials …”

— Steve Ragan, Sr. Technical Writer, Editor, State of the Internet / Security

REASON