Financial services companies continue to be a recurring target for attackers. Attacks against the financial sector are growing in ‘quantity and sophistication’, according to a new report from Akamai Technologies.
In August 2019, Akamai observed a record-breaking attack against a financial firm. This attack included 55 million malicious login attempts. Although the attackers eventually failed, the Akamai report notes that financial services companies remain the primary target of hackers.
According to the report, from December 2017 through November 2019, 85,422,079,109 credential abuse attacks occurred across Akamai’s customer base. 20 per cent, or 16,557,875,875, were against hostnames that were clearly identified as API endpoints. Of these, 473,518,955 attacked organizations in the financial services industry.
The report revealed that Malaysia was the third-largest source of attacks, behind China and the United States: “In our most recent data set, Malaysia accounts for 351,107,813 of the malicious logins against financial services, or 21.49% (a drop of 1.66%, despite the 100-million-plus increase in total malicious login count).”
As credential stuffing, SQLi and DDoS attacks continue to threaten the financial sector, the report proposes countering them with the Zero Trust model.
“The Zero Trust model replaces ‘trust, but verify’ with ‘trust nothing, and trust no one.’ Under Zero Trust, the network cuts off all access to network resources until it determines who the user is, and whether they’re authorized. Nothing, absolutely nothing, inside or outside of the network is trusted,” the report observes.
The report suggests it will be harder for criminals to leverage phishing or custom command-and-control servers, since DNS can be blocked at the source.