Report Finds Increased Credential Stuffing Attacks on Financial Sector

September 24, 2018

Akamai researchers reported an increase in credential stuffing attacks primarily targeting the financial sector after they observed over 30 billion malicious login attempts from November 2017 to June 2018. They observed the attacks originating from the United States, Russia and Vietnam.

Credential stuffing is an automated injection attack in which botnets try stolen credentials against online services. Automated scripts submit leaked email addresses and passwords, bombarding and overwhelming the network until a legitimate set of credentials permits the hijacking of at least one account. The resulting business losses come from fraud, downtime caused by crashing the network, response and customer notification, system remediation, and reputational damage.

The study highlighted that attacks like these do not discriminate by enterprise size. The cited examples were a Fortune 500 company and a credit union whose regular login attempts caused spikes in network traffic per minute. Over the course of six to seven days, observed network activity ramped up from 4.2 million to 8.5 million malicious attempts, leading to the discovery of both active botnet brute force attacks and stealthy attempts to access the system.


The financial and retail industries remain primary targets because these automated assaults are easy to carry out: mobile and website interfaces and operating systems are kept at a minimum, since lengthy loading times are seen as a deterrent to customers’ and legitimate users’ online experiences. Further, both consumers and employees tend to recycle the same email and password combinations for multiple online accounts, and companies continue to use outdated or unsupported versions of operating systems. Compounding these factors, organizations’ employees and established systems are unable to differentiate valid users accessing their own accounts from criminal users.

Attacks on the financial sector through their online assets will only increase in number, types and methods as cybercriminals devise more ways to profit. Here are some ways to strengthen security against these types of attacks:

  • Practice good password hygiene. Avoid reusing the same email and password combination for multiple online accounts, and change your access credentials frequently.
  • Enable two-factor authentication (2FA) whenever possible. Layered protection is always better than single access authentication.
  • Regularly download updates from legitimate vendors.
  • Observe your network traffic and system. A significant increase in network inquiries, access, or slowdowns may indicate an attack. Run security software to find and remove malware infections.
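
One way to act on the monitoring advice above, as an added example that is not from the Akamai report or this article: two checks over authentication events, a per-minute failure spike for loud botnet bursts and a distinct-username count per source for stealthy attempts. The event tuple layout, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

def build_sample():
    """Constructed events (timestamp, source IP, username, outcome); not real data."""
    events = []
    for m in range(10):  # ordinary users, one login per minute each
        events.append((f"2018-06-01T10:{m:02d}:05", "198.51.100.7", "alice", "ok"))
        events.append((f"2018-06-01T10:{m:02d}:20", "198.51.100.8", "bob",
                       "fail" if m == 3 else "ok"))
    for i in range(40):  # loud burst: 40 failures in one minute from 40 sources
        events.append((f"2018-06-01T10:06:{i:02d}", f"203.0.113.{i}", f"user{i}", "fail"))
    for m in range(10):  # stealthy source: one try per minute, new username each time
        events.append((f"2018-06-01T10:{m:02d}:40", "192.0.2.50", f"victim{m}", "fail"))
    return events

def failure_spikes(events, factor=5, floor=10):
    """Minutes whose failed-login count is >= floor and > factor x the median minute."""
    per_min = Counter(ts[:16] for ts, _, _, outcome in events if outcome == "fail")
    if not per_min:
        return []
    baseline = median(per_min.values())
    return sorted(m for m, n in per_min.items() if n >= floor and n > factor * baseline)

def username_sprayers(events, min_users=5, max_success_ratio=0.1):
    """Sources that tried many distinct usernames and almost never succeeded."""
    users, ok, total = defaultdict(set), Counter(), Counter()
    for _, ip, user, outcome in events:
        users[ip].add(user)
        total[ip] += 1
        ok[ip] += 1 if outcome == "ok" else 0
    return sorted(ip for ip in users
                  if len(users[ip]) >= min_users
                  and ok[ip] / total[ip] <= max_success_ratio)

if __name__ == "__main__":
    sample = build_sample()
    print("spike minutes:", failure_spikes(sample))
    print("many-username sources:", username_sprayers(sample))
```

The stealthy source adds only one failure per minute, so it never trips the spike check; the distinct-username count is what surfaces it.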


Trend Micro XGen™ security provides organizations a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints.

It features high-fidelity machine learning to secure the gateway and endpoint data and applications, and protects physical, virtual, and cloud workloads. With capabilities like web/URL filtering, behavioral analysis, and custom sandboxing, XGen protects against today’s purpose-built threats that bypass traditional controls, exploit known, unknown, or undisclosed vulnerabilities, and either steal or encrypt personally identifiable data. XGen powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.

