Increasingly, This Security Threat Stalls the Financial Services Industry

Posted on

The provider of cyber security solutions, Akamai, issued a report titled Internet Conditions / Akamai Security 2018 Regarding Credential Stuffing Attacks which revealed dangerous login attempts worldwide continued to increase.

The findings in this report show that Akamai detected around 3.2 billion malicious logins per month from January to April 2018, and more than 8.3 billion malicious login attempts from bots in May and June 2018 – the monthly average increased by 30 percent. In total, from the beginning of November 2017 to the end of June 2018, the analysis of Akamai researchers shows more than 30 billion dangerous login attempts over an eight-month period.

Malicious login attempts come from credential stuffing, where hackers systematically use botnets to try login information stolen on various webs. They target login pages for local banks and retailers because many customers use the same login credentials for multiple services and accounts. Credential stuffing can cost the organization millions to tens of millions of dollars per year, according to the report “Losses Due to Credential Stuffing” from The Ponemon Institute.

Security research and threats and the detection of Akamai’s behavior support the company’s bot management technology, and Akamai’s Vice President of Web Security, Josh Shaul, provides an example in combating the misuse of credentials on behalf of one customer.

“One of the largest financial services companies in the world experiences more than 8,000 monthly account takeovers, which results in direct losses due to fraud of more than $ 100,000 per day,” Shaul said.

Shaul further said the company turned to Akamai to implement behavior-based bot detection in front of each customer’s login endpoint and immediately saw a drastic reduction in account takeovers to only one to three cases per month and fraud losses reduced to only $ 1,000 to $ 2,000 per day.

In addition, the Internet Conditions report describes two cases in which Akamai is fighting credential stuffing efforts for clients that show the severity of the method.

In the first case, the report describes the various problems faced by Fortune 500 financial services institutions where attackers use botnets to carry out 8.5 million malicious login attempts within 48 hours of sites that usually only experience seven million login attempts a week. More than 20,000 devices are included in this botnet, which is capable of sending hundreds of requests per minute. Akamai’s research identified that nearly one third of the traffic in this attack came from Vietnam and the United States.

A second real example from the report illustrates the types of “low and slow” attacks identified at a credit cooperative earlier this year. This financial institution experienced an increase in high dangerous login attempts which eventually revealed a botnet trio targeting its site. While noisy botnets steal their attention, the discovery of botnets that try to infiltrate very slowly and methodically raises greater concern.

“Our research shows that people who carry out these credential stuffing attacks continue to perfect their equipment. They have a variety of methodologies, ranging from noise-based volume attacks, to “low and slow” attacks clandestinely, “said Martin McKeay, Senior Security Advocate at Akamai and Lead Author reports on Internet Conditions / Security.

In line with that, Martin McKeay appealed to us to be more vigilant when seeing several attacks simultaneously targeting one target.

“Without the special expertise and tools needed to defend themselves from various campaigns from many parties, organizations can easily experience some of the most dangerous credential attacks,” he said.