Akamai Security Research: APIs Are Now Target of Choice for Cybercriminals Attacking Financial Services Organizations Up to 75% of all Credential Abuse Attacks Targeted APIs
Cambridge, MA | February 19, 2020
Akamai Technologies, Inc. (NASDAQ: AKAM) today published the Akamai 2020 State of the Internet / Security: Financial Services - Hostile Takeover Attempts report. The research findings reveal that from May 2019 and continuing on until the end of the year, there was a dramatic shift by criminals who started targeting APIs, in an effort to bypass security controls. According to data from Akamai, up to 75% of all credential abuse attacks against the financial services industry targeted APIs directly.
According to the report's findings, from December 2017 through November 2019, Akamai observed 85,422,079,109 credential abuse attacks. Nearly 20 percent, or 16,557,875,875, were against hostnames that were clearly identified as API endpoints. Of these, 473,518,955 attacked organizations in the financial services industry.
But not all attacks were exclusively API focused. On August 7, 2019, Akamai recorded the single largest credential stuffing attack against a financial services firm, in our companys history, consisting of 55,141,782 malicious login attempts. This attack was a mix of API targeting, and other methodologies. On August 25, in a separate incident, the criminals targeted APIs directly, in a run that consisted of more than 19 million credential abuse attacks.
Criminals are getting more creative and hyper-focused on how they go about obtaining access to the things they need to conduct their crimes, said Steve Ragan, Akamai security researcher and principal author of the State of the Internet / Security report. Criminals targeting the financial services industry pay close attention to the defenses used by these organizations, and adjust their attack patterns accordingly.
Indicative of this fluid attack dynamic, the report shows that criminals continue to seek to expose data through a number of methods, in order to gain a stronger foothold on the server and ultimately achieve success in their attempts.
SQL Injection (SQLi) accounted for more than 72% of all attacks when looking at all verticals during the 24-month period observed by the report. That rate is halved to 36% when looking at financial services attacks alone. The top attack type against the financial services sector was Local File Inclusion (LFI), with 47% of observed traffic.
LFI attacks exploit various scripts running on servers, and as a consequence, these types of attacks can be used to force sensitive information disclosure. LFI attacks can also be leveraged for client-side command execution (such as a vulnerable JavaScript file), which could lead to Cross-Site Scripting (XSS) and Denial of Service (DoS) attacks. XSS was the third-most common type of attack against financial services, with a recorded 50.7 million attacks, or 7.7% of the observed attack traffic.
The report also shows that criminals continue to leverage Distributed Denial of Service (DDoS) attacks as a core component of their attack arsenal, particularly as it relates to targeting financial services organizations. Akamai's observations from November 2017 until October 2019, show the financial services industry ranking third in attack volume, with gaming and high tech being the most common targets. However, more than forty percent of the unique DDoS targets were in the financial services industry, which makes this sector the top target when considering unique victims.
Security teams need to constantly consider policies, procedures, workflows, and business needs - all while fighting off attackers that are often well organized and well-funded, Ragan concluded. Our data shows that financial services organizations are constantly improving by adopting fluid security postures, forcing criminals to change their tactics.
The Akamai 2020 State of the Internet / Security Report is available here. In addition, Akamai will be conducting a webinar on Thursday, February 20 at 11:00 a.m. ET where Akamai security experts discuss the findings of this latest report. To register for the webinar, visit here.
For additional information, the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations.
Most recent headlines
17/02/2025
TVBEurope talks to the team who brought a piece of broadcasting history back to life on BBC Wales last night
By Jenny Priestley
Published: February 14, 2025 ...
17/02/2025
Eligible studios will receive the relief directly from their local authorities, with no need to submit a claim
By Matthew Corrigan
Published: February 17, 20...
17/02/2025
As DEI initiatives come under pressure in the USA, supporters of Rise, which promotes diversity in the media and entertainment sector, discuss the continuing im...
17/02/2025
EIB Global loan will partially fund SES's continued O3b mPOWER medium earth orbit (MEO) fleet expansion enabling additional capacity worldwide. O3b mPOWER s...
15/02/2025
At Nielsen, Business Resource Groups (BRGs) play a critical role in nurturing a ...
15/02/2025
Innovation to empower creativity: Explore the latest in Lightroom
Rob Christensen February 15, 2025
0 Comments
Whether you want to remove distracting ...
15/02/2025
Wisycom, a worldwide leader in RF technology and provider of wireless solutions, announces a new distribution agreement with EQUAPHON. An Argentinian profession...
15/02/2025
DPA Microphones, the leading manufacturer of high-quality microphone solutions, is pleased to welcome Nicholas Nick Mariano and Vincent Vince Divine to the ...
15/02/2025
Tuxera, a leading provider of quality-assured file systems and networking solutions, will showcase how Tuxera Fusion SMB enables unprecedented performance for m...
15/02/2025
Bitmovin's latest Video Developer Report indicates an increasing role of AI, the slow adoption of next-generation codecs, and continuing challenges when it ...
15/02/2025
When Michelin Enterprises set out to promote its prestigious Hotel Guide in the new Sleepless in the Kitchen , campaign, veteran German/Slovenian gaffer Robert...
15/02/2025
Formula E, the world's first all-electric racing series, revolutionizing motorsport with cutting-edge technology and a commitment to sustainability has sele...
15/02/2025
Agile Content, a global leader in TV and video technology solutions, announces its rebranding to AgileTV.
The transition to AgileTV stems from a commitment to ...
15/02/2025
Hiltron Communications will promote the latest additions to its range of satellite communication products, systems and supporting services at GovSatCom 2025. Th...
15/02/2025
Following the success of the original Airglow Booklight, DoPchoice debuts a new addition to their inflatable line the Float. This lightweight, inflatable, round...
15/02/2025
LAS VEGAS Marshall Electronics has announced that it will debut its newest camera controller, the RCP Plus, at the 2025 NAB Show at Booth N2649 between April 5 ...
15/02/2025
ATLANTA Gray Media has named Blake Sebo as the next general manager of KTUU and KYES, Gray's NBC and CBS affiliates in Anchorage, Alaska....
15/02/2025
KOKKEDAL, Denmark DPA Microphones will feature its new CORE+ technology for distortion-free microphone sound at the 2025 NAB Show, April 5-9, in Las Vegas....
15/02/2025
SWANSEA, U.K. QuickLink will launch StudioPro-NDI and StudioPro-3, two new models of its QuickLine StudioPro video production platform, at the 2025 NAB Show, Ap...
15/02/2025
Live From 2025 NBA All-Star Game Weekend: After 25 Years, Turner Sports All-In F...
15/02/2025
NASCAR Driver Cam on Max Embraces Cloud-Based Workflow for 2025 Season Chris Brown of WBD Sports says Mobii will play key part in delivering signals from the tr...
14/02/2025
Last month, we officially launched the Spotify Partner Program, a powerful new m...
14/02/2025
From an island off the coast of Lutruwita to the global stage in France SBS & ...
14/02/2025
The future of electro-optical/infrared (EO/IR) land systems is evolving so that ...
14/02/2025
Here are 5 reasons why you should attend ISE 2025
Discover more about Calrec: Learn more about Calrec's legacy of innovation in broadcast audio solutions ...
14/02/2025
World Radio Day: On the same wavelength
By Graham Murray, International Sales Manager at Calrec
To mark World Radio Day, Calrec's International Sales Ma...
14/02/2025
DALLAS and TYSONS, Va. Tegna has concluded a broadcast rights agreement that makes Tegna's KFAA in Dallas the exclusive local television partner of the Dall...
14/02/2025
Amazon's Prime Video has released a new app for Apple TV that the streamer said delivers an improved streaming experiences with faster scrolling, improved s...
14/02/2025
CLEVELAND Telos Alliance announced a software update for its Axia Quasar XR and SR line of audio-over-IP (AoIP) mixing consoles and will show the offering at th...
14/02/2025
Puget Systems Returns to HPA Tech Retreat 2025 with New Analysis Tools for Puge...
14/02/2025
Glass Animals: Tour of Earth Uses Blackmagic Live Production Workflow
Brie Clayton February 14, 2025
0 Comments
80six deploys Blackmagic URSA Broadcas...
14/02/2025
A dispute between Paramount and Youtube TV that would have pulled CBS stations and Paramount's cable channels from the streaming service has been temporaril...
14/02/2025
Colourist Deidre (Dee) McClelland details how she helped shape the distinct look and feel of whimsical Oscar-nominated stop-motion film, Memoir of a Snail
By C...
14/02/2025
BitFire said it intends to introduce forward-looking services that simplify the launch of live production workflows, and enhance real-time collaboration
By Jen...
14/02/2025
The claim by the liquidators is the latest twist in the ongoing saga of the companys collapse at the end of 2021
By Matthew Corrigan
Published: February 14, ...
14/02/2025
A carriage dispute between YouTube TV and Paramount could come to a head today (Feb. 13), with the virtual pay TV provider threatening to pull all of the progra...
14/02/2025
ENGLEWOOD CLIFFS, N.J. LG Electronics USA has opened a new in-house, state-of-the-art virtual production studio at its 360,000-square-foot North American headqu...
14/02/2025
NEW YORK In a bid to help local broadcasters find new ways of monetizing their content, the Coalition for Innovative Media Measurement (CIMM) and TVB have relea...
14/02/2025
WASHINGTON Three Democratic U.S. Senators have sent a stern letter blasting FCC Chair Brendan Carr for the weaponization of the agency for attacking broadcast...
14/02/2025
Years after launching the streaming service Apple TV+ in November of 2019, Apple has finally released a version of its steaming app for Android devices....
14/02/2025
FOOTHILL RANCH, Calif. Red Digital Cinema will make its V-RAPTOR [X] and KOMODO-X camera systems available with Nikon's premier Z Mount, providing filmmaker...
14/02/2025
DAYTONA, Fla. The Fox Sports production of this year's Daytona 500 will see the addition of a few new tech elements and the continued unfolding of the broad...
14/02/2025
Watch Bryson Battles Blind Audition on The Voice Get a Four-Chair Turn Michael Bubl said the Boston Conservatory at Berklee musical theater senior might have...
14/02/2025
2025 Daytona 500: FOX Sports Looks To Ride Super Bowl LIX Momentum Into NASCAR S...
14/02/2025
14 Feb 2025
VEON's Kyivstar and the Come Back Alive Foundation Raise USD 2....
14/02/2025
Max Renews THE PITT, Starring Noah Wyle, For A Second Season
Max
Warner Bros. Television Group
The Pitt
New Episodes Of The Medical Drama From John...
14/02/2025
This year, Technicolor proudly celebrates 110 years of shaping the magic of cinema pioneering color, visual effects, and innovation that bring unforgettable l...
14/02/2025
NBA All-Star: More Games, More Teams, More Music, More Sound From the Court Turner Sports' team will deploy familiar tech to capture all the audio By Dan D...
14/02/2025
LIV Golf Continues To Innovate With Drones, Data-Driven Graphics, and All-Access...
Akamai Security Research: APIs Are Now Target of Choice for Cybercriminals Attacking Financial Services Organizations Up to 75% of all Credential Abuse Attacks Targeted APIs 
