According to one report of F5, the last three years, the businesses at financial sector face more credential stuffing and brute-force attacks and less DDoS (although many believe that DdoS attacks are one of the most common forms of attack).
F5 presented statistics on attacks carried out against banks, financial services, brokers, insurance companies and other organizations that serve them (eg financial Software as a Service (Saas) etc).
The findings of the report show that DDoS attacks are not one of the most common threats for the financial sector.
In fact, the F5 says that brute force attacks, credential stuffing and other ATO attacks (Attacks aimed at taking control of accounts) were the biggest threats to the financial sector among 2017 and 2019. This includes all ATO variants such as:
- Brute-force attacks: Attackers try common or "weak" name combinations user / password (from a predefined list), hoping to get the right combination to access the victim's account.
- Credential stuffing: The hackers test pairs of usernames / passwords that have leaked to sites from previous data breaches.
- Password spraying: Attackers try the same password, but with different usernames.
Some credential stuffing attacks look like DdoS
According to F5 data, in 2019, the number of DdoS attacks had increased, but that number may be misleading, as some attacks brute-force and credential stuffing are done extremely quickly and create such problems that it is difficult to separate them from real DdoS attacks.
Brute-force and credential stuffing attacks have become more "wild" because hackers they must act immediately and use the leaked credentials before the victims can change them.
To gain access to a victim's bank account, attackers start trying out different codes very quickly, causing a lot of "traffic". For this reason, many initially believe that this is a DdoS attack.
North American banks are the most common target
The chart below shows the percentage of different attacks depending on the geographical area.
"We assume that the increased number of brute force and credential stuffing attacks on North America largely guided by the huge volume of existing breached credentials for them users of North America. "In the last decade, data breaches have been observed almost every day," said F5 researchers.