In Volume 5, Issue 4 of the State of the Internet / Security report, we focused on the methodologies and tools that criminals use to conduct credential stuffing attacks against the financial services industry. At that time, we noted that attacks against financial services institutions were growing in both quantity and sophistication.
This still holds true today. Shortly after that report was published, Akamai witnessed a recordbreaking attack against a well-known financial firm. This attack, which included 55,141,782 malicious login attempts, happened on August 7,These login attempts, commonly known as credential stuffing attacks, represented the largest spike in targeted credential abuse against financial services we’ve seen since we started tracking these attacks. While the attackers ultimately failed, the volume and intensity of their effort proves that financial organizations are still a prime target for criminals.
In this report, we examine application programming interfaces, or APIs, that criminals target with credential stuffing attacks.