Financial services sees high increase in cyber-attacks year-on-year

According to a new report, there has been a 257% growth in the number of web application and application programming interface (API) cyber-attacks against financial services year-over-year.

Akamai Technologies, Inc., which released the report, further notes that around 80% of cyber-attackers aim their efforts at customers of financial services to find the paths of least resistance for monetary gain.

Other key findings of the report include:

• Within 24 hours, exploitation of newly discovered zero days against financial services reaches multiple thousands of attacks per hour and peaks quickly
• Distributed denial-of-service (DDoS) attacks against financial services are up 22% year-over-year
• A significant increase in Local File Inclusion (LFI) and Cross Site Scripting (XSS) attacks demonstrates that attackers are shifting towards remote code execution attempts that present a larger strain on internal network security
• Phishing campaigns against financial services customers are introducing techniques that bypass two-factor authentication solutions and increase risk for everyday customers
• Customer account takeover attempts represent over 40% of attack types with another 40% focusing on website scraping, which is used to create more convincing phishing scams

Another finding revealed that DDoS cyber-attacks against financial services in Europe overtook the US, which usually leads in this category.

Digitization and limited cyber-attack governance could be factors that contribute to growing cyber-criminal activities in Latin America, the report also notes. The region has seen a 419% increase in web application and API-related attacks over the past year. Cyber-crime costs the region $90 billion annually and prominent threats include crypto-jacking, fraud, banking trojans and ransomware.

“Financial services is one of the most attacked industries when new vulnerabilities are discovered, a favorite target of DDoS attacks and continuously focused on by phishing campaigns, which are aimed at their customers who suffer the brunt of these attacks,” said Steve Winterfeld, Advisory CISO for Akamai. “Understanding attack surfaces could provide insights into key risks and therefore allow organizations to devise security controls and mitigation plans to better protect customers.”