Akamai Talks Massive Uptick in Credential-Stuffing Attacks Against Bank APIs
upstart writes in with an IRC submission for AnonymousCoward:
Akamai Talks Massive Uptick in Credential-Stuffing Attacks Against Bank APIs:
Cybercriminals continue to firehose financial services companies with new and innovative cyberattacks. Research from Akamai recently found that up to 75 percent of all credential abuse attacks against the financial services industry in 2019 targeted APIs directly (rather than user-facing login pages). One such credential stuffing attack, observed last summer, hit one of Akamai's financial services customers with a blizzard of 55 million malicious login attempts.
"We talk about API attacks and the reason why criminals are using targeted methods against API because the traditional 'throw it and hope it sticks' against financial services just isn't cutting it anymore, they have to be more creative," Steve Ragan, security researcher with Akamai, told Threatpost. "And of course this creates this 'run and gun' type of situation to where the financial services industry has to keep adding more layers and getting more creative with how they're doing defense because the criminals are obviously coming at them full steam ahead."
Threatpost talks to Ragan about the hardest hitting attack threats against the financial services industry, including credential stuffing attacks, DDoS attacks and more.
Read more of this story at SoylentNews.