Tuesday, January 26, 12:18

Increased credential stuffing attacks in the financial sector

According to a report from F5, over the last three years businesses in the financial sector have faced more credential stuffing and brute-force attacks and fewer DDoS attacks (although many believe that DDoS attacks are one of the most common forms of attack).

F5 presented statistics on attacks carried out against banks, financial services, brokers, insurance companies and other organizations that serve them (e.g. financial Software as a Service (SaaS), etc.).

The findings of the report show that DDoS attacks are not one of the most common threats for the financial sector.

In fact, F5 says that brute-force attacks, credential stuffing and other ATO attacks (attacks aimed at taking control of accounts) were the biggest threats to the financial sector between 2017 and 2019. This includes all ATO variants, such as:

  • Brute-force attacks: Attackers try common or "weak" username/password combinations (from a predefined list), hoping to hit the right combination and gain access to the victim's account.
  • Credential stuffing: Hackers test username/password pairs that have leaked from sites in previous data breaches.
  • Password spraying: Attackers try the same password, but with different usernames.
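
The three variants leave different shapes in authentication logs, which is how a defender can tell them apart. The following is an added example, not taken from the F5 report: it groups failed logins by source and labels each source by the ratio of distinct usernames to distinct password guesses. The event format, the password fingerprint field, the thresholds and the sample data are all assumptions made for illustration.

```python
from collections import defaultdict

MIN_DISTINCT = 5  # assumed alert threshold; tune to your own traffic

def classify_sources(events):
    """Label each source by the shape of its failed logins.

    events: (source, username, password_fingerprint, success) tuples.
    The fingerprint is assumed to be a keyed hash of the attempted
    password, so equal guesses can be compared without storing them.
    """
    failed = defaultdict(set)
    for source, user, pw_fp, success in events:
        if not success:
            failed[source].add((user, pw_fp))

    labels = {}
    for source, pairs in failed.items():
        users = {u for u, _ in pairs}
        guesses = {p for _, p in pairs}
        if len(pairs) < MIN_DISTINCT:
            labels[source] = "normal"               # e.g. a user retrying a typo
        elif len(users) <= 2:
            labels[source] = "brute-force"          # many guesses, few accounts
        elif len(guesses) <= 2:
            labels[source] = "password-spraying"    # one guess, many accounts
        elif len(users) >= 0.8 * len(pairs):
            labels[source] = "credential-stuffing"  # ~one leaked pair per account
        else:
            labels[source] = "mixed"
    return labels

# Constructed sample events (documentation IP ranges, made-up accounts).
SAMPLE_EVENTS = (
    [("192.0.2.10", "alice", f"fp{i}", False) for i in range(6)]
    + [("198.51.100.7", f"user{i}", "fp-same", False) for i in range(6)]
    + [("203.0.113.5", f"cust{i}", f"leak{i}", False) for i in range(6)]
    + [("192.0.2.99", "bob", "fp-typo", False)] * 3
    + [("192.0.2.99", "bob", "fp-ok", True)]
)

if __name__ == "__main__":
    for source, label in sorted(classify_sources(SAMPLE_EVENTS).items()):
        print(source, label)
```

Grouping by source address is a simplification: the same ratios can be computed per time window or per target account when the attempts are spread across many addresses.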

Some credential stuffing attacks look like DDoS

According to F5 data, the number of DDoS attacks increased in 2019, but that number may be misleading: some brute-force and credential stuffing attacks are carried out extremely quickly and cause such problems that it is difficult to distinguish them from real DDoS attacks.

Brute-force and credential stuffing attacks have become more "wild" because hackers must act immediately and use the leaked credentials before the victims can change them.

To gain access to a victim's bank account, attackers start trying out different codes very quickly, causing a lot of "traffic". For this reason, many initially believe that this is a DDoS attack.

North American banks are the most common target

The chart below shows the percentage of different attacks depending on the geographical area.

"We assume that the increased number of brute-force and credential stuffing attacks on North America is largely guided by the huge volume of existing breached credentials for the users of North America. In the last decade, data breaches have been observed almost every day," said F5 researchers.



Digital Fortress, https://www.secnews.gr