The financial services sector has been hit by cybercriminals again and again - ranging from ransomware attacks to DDoS attacks to phishing, it has seen all. Akamai published its “State of the Internet report, Enemy at the Gates” that analyzed the global customer traffic from October 01, 2021 to September 26, 2022.
Some stats your way
The Akamai report sheds light on the various kinds of threats faced by financial services in the above period.
The financial services sector displayed a 3.5 times increase (257%) in web app and API attacks, year-over-year - the highest growth observed compared to every other major sector.
The Asia-Pacific and Japan FinServ industry accounted for a 449% surge in web app and API attacks, mostly owing to ransomware, followed by North America at 354%.
Over 80% of threat actors targeting the sector focus on customer accounts, either directly or through phishing emails, instead of organizations.
Account takeover attacks are directly aimed at customers while attackers use website scraping attacks to create phishing schemes and build kits that impersonate legit websites.
In addition to the above, botnet activity against FinServ increased by 81% while DDoS attacks increased by 22%. Botnets played a key role in account takeover, with threat actors using them for credential stuffing.
Where are the threats coming from?
The aim of the threat actors in such attacks has been to perform financial fraud or steal credentials for account takeover and credential stuffing attacks.
In its 2022 Cloud Data Security Report, Netwrix reported that 44% of FinServ organizations stated that their IT teams are the biggest risk to cloud data security.
Moreover, 32% of organizations in the financial services sector observed accidental data leakage compared to an average of 25% in other industry verticals.
The bottom line
Attacks on networks and applications can happen anywhere, anytime. Understanding your attack surfaces can help you increase your understanding of key risks so that you can devise security controls and mitigation plans to minimize exposure to attacks. The surge in web app and API attacks highlights the importance of having proactive measures in place.