APIs are actually target of preference for cybercriminals attacking financial organizations
Akamai Technologies, Inc. today published the Akamai 2020 State of the web / Security: Financial Services - Hostile Takeover Attempts report. The study findings reveal that from May 2019 and continuing on before end of the year, there is a dramatic shift by criminals who started targeting APIs, in order to bypass security controls. According to data from Akamai, up to 75% of most credential abuse attacks against the financial services industry targeted APIs directly.
According to the report’s findings, from December 2017 through November 2019, Akamai observed 85,422,079,109 credential abuse attacks. Nearly 20 %, or 16,557,875,875, were against hostnames which were clearly discovered as API endpoints. Of these, 473,518,955 attacked organizations in the financial services industry.
However, not all attacks were exclusively API focused. On August 7, 2019, Akamai recorded the single major credential stuffing attack against a financial services firm, in our company's history, comprising 55,141,782 malicious login attempts. This attack was a mix of API targeting, and other methodologies. On August 25, in another incident, the criminals targeted APIs directly, in a run that contains a lot more than 19 million credential abuse attacks.
Indicative of the fluid attack dynamic, the report shows that criminals continue steadily to seek to expose data through several methods, in order to gain a stronger foothold on the server and finally achieve success in their attempts.
SQL Injection (SQLi) accounted for a lot more than 72% of most attacks when looking at all verticals during the 24-month period observed by the report. That rate is halved to 36% when looking at financial services attacks alone. The most notable attack type against the financial services sector was Local File Inclusion (LFI), with 47% of observed traffic.
LFI attacks exploit various scripts running on servers, and as a result, these types of attacks can be utilized to force sensitive information disclosure. LFI attacks can also be leveraged for client-side command execution (such as a vulnerable JavaScript file), which could bring about Cross-Site Scripting (XSS) and Denial of Service (DoS) attacks. XSS was the third-most common type of attack against financial services, with a recorded 50.7 million attacks, or 7.7% of the observed attack traffic.
The report also implies that criminals continue steadily to leverage Distributed Denial of Service (DDoS) attacks as a core element of their attack arsenal, particularly since it pertains to targeting financial services organizations. Akamai’s observations from November 2017 until October 2019, show the financial services industry ranking third in attack volume, with gaming and high tech being the most typical targets. However, a lot more than forty percent of the unique DDoS targets were in the financial services industry, making this sector the most notable target when contemplating unique victims.
