  • Global Credential Stuffing Attempts Hit 193 Billion in 2020



    There were 193 billion credential stuffing attempts during 2020 as cyber-criminals looked to capitalize on surging numbers of online users, according to Akamai.

     

    The security vendor’s latest 2021 State of the Internet / Security report revealed the sheer scale of attempts to crack open users’ accounts using previously breached credentials.

     

    Focusing mainly on the financial sector, the report claimed that Akamai detected 3.4 billion credential stuffing attempts targeting the vertical — a 45% increase on the previous year.

     

    Akamai also detected nearly 6.3 billion web application attacks in 2020, over 736 million of which were aimed at financial services organizations — an increase of 62% from 2019.

     

    In the financial services industry, Local File Inclusion (LFI) attacks were the number one web application attack type in 2020, accounting for 52% of the total, followed by SQLi (33%) and cross-site scripting (9%).

     

    However, globally across all sectors, SQLi was in top spot — accounting for 68% of all web application attacks in 2020 — while LFI attacks came second with 22%.

    “The ongoing, significant growth in credential stuffing attacks has a direct relationship to the state of phishing in the financial services industry,” said Steve Ragan, Akamai security researcher and report author.

    “Criminals use a variety of methods to augment their credential collections, and phishing is one of the key tools in their arsenal. By targeting banking customers and employees in the sector, criminals increase their pool of potential victims exponentially.”

     

    The report detailed the rise of smishing and phishing attacks against the financial services sector, specifically via two popular toolkits: Kr3pto and Ex-Robotos.

     

    Akamai said threat intelligence company WMC Global detected smishing campaigns launched via Kr3pto which spoofed 11 brands in the UK, across more than 8000 domains since May 2020.

     

    In total, the firm tracked over 4000 campaigns linked to Kr3pto targeting victims via SMS messaging over 31 days in Q1 2021.

    “It's important to remember that employees are consumers too, and with the prevalence of work from home, as well as mobile device usage in corporate environments, criminals are not shy about attacking people no matter where they are, which explains the recent growth in SMS-based phishing attacks,” argued WMC Global senior threat hunter, Jake Sloane.

     

     

    Source: Global Credential Stuffing Attempts Hit 193 Billion in 2020

