Akamai Security Research: Financial Services Continues Getting Bombarded with Credential Stuffing and Web Application Attacks

Welcome to the second State of the Internet / Security report of 2021. Whether you’re a new reader or someone who’s been reading for years, we’re glad you’re reading this issue. As always, we continuously strive to improve our work and bring you something new with every effort.

You may remember our gaming security issue from 2020, where we partnered with the digital events company DreamHack. We supplemented our data and research with information on the views and opinions, based on a survey of more than 1,000 gamers. This was the first time we’d gone beyond the data Akamai was able to gather to learn more about the problems we’re facing.

In this issue, we’re going even further. While we have access to some of the largest security data sets in the world, our viewpoint is limited to the traffic that traverses our networks and is seen by our tools. Even the hundreds of terabytes we serve every second are only a part of the global story. This is why we’re partnering with threat intelligence company WMC Global for this report

A significant part of what makes the security industry effective is the number of partnerships that go on quietly behind the scenes.

The researchers at WMC Global are experts at understanding SMS phishing (smishing) and the toolkits that criminals devise to make their attacks possible. Working together, we were able to not only look at the global contours of attack traffic, but also pick apart a specific toolset. Our desire is to provide you with both a wide view of the threat and a deep dive into a specific threat.

A significant part of what makes the security industry effective is the number of partnerships that go on quietly behind the scenes. Whether it’s various global law enforcement agencies cooperating with each other, security organizations cooperating with law enforcement, or the partnerships that happen daily between individuals and companies, much of this work goes unseen by the average security professional.

But that doesn’t always have to be the case. We believe that organizations should be working together publicly to share intelligence with you. Verizon’s Data Breach Investigations Report (DBIR) is the best-known and longest-standing example of shared intelligence, which Akamai has been contributing to for over half a decade (seven reports, if you want to be exact). We’d like to see more, which is why we’re leading by example. Or following the example set by others, depending upon your point of view.

We appreciate having partners like the team at WMC Global who are willing to take the time to develop research with us. This type of work makes us more knowledgeable and better able to protect our organizations and our end users, which should be a goal for every security professional.