PR Archives:  LatestBy Company By Date


Press Release -- September 29th, 2023
Source: Akamai
Tags:

Akamai Research Finds 65% Increase in Web Application and API Attacks on Financial Services

Cambridge, MA USA | September 27, 2023

Share

AKAM, news, filings), the cloud company that powers and protects life online, today released&nbsp; a new State of the Internet report that explores existing and emerging cyberattacks against the financial services industry. The new report, <a title=\"SOTI Security The High Stakes of Innovation\" href=\"/content/akamai/en/lp/soti/2023/high-stakes-of-innovation.html\" target=\"_self\">The High Stakes of Innovation: Attack Trends in Financial Services</a>, includes regional data as well as a look into what is driving the increased number of attacks against the sector.</p>\r\n<p>The report notes that application and API attacks in the financial services vertical grew by 65% when comparing Q2 2022 with Q2 2023. This amounts to more than 9 billion attacks over a period of 18 months. The attacks were driven in part by cybercriminal groups conducting zero-day and one-day vulnerability abuse as pathways for initial intrusion. The High Stakes of Innovation: Attack Trends in Financial Services report shows that financial services has surpassed gaming as the top vertical for DDoS attacks. This is due to Layer 3 and Layer 4 DDoS attacks caused by the dramatic surge in the power of virtual machine botnets and hacktivism motivated by the Russia-Ukraine conflict.&nbsp;</p>\r\n<p>The High Stakes of Innovation: Attack Trends in Financial Services features commentary and recommendations from Teresa Walsh, Global Head of Intelligence for the Financial Services Information Sharing and Analysis Center (FS-ISAC). She writes, “One of the key threat vectors facing the global financial sector is supply chain risk. As shown by Akamai’s research, the significant increase in attacks and vulnerabilities through third-party APIs and scripts requires firms to take an increasingly active approach to hardening systems and third-party risk management more broadly.”</p>\r\n<p>Other key findings of the report include:</p>\r\n<ul>\r\n<li>The Europe, Middle East, and Africa region accounts for 63.5% of DDoS events. The number of attacks against this region nearly doubled the number for the next top region. This is likely due to political motivations of attack groups against European banks.&nbsp;</li>\r\n<li>Financial services remains the most targeted web attack vertical in the Asia, Pacific, Japan (APJ) region, which experienced nearly 50% of all web application and API attacks during the reporting period.</li>\r\n<li>The rapidly climbing number of malicious bot requests (1.1 trillion), which increased by 69%, exemplifies the continued assault against customers and their data through attacks like account takeover and the risks posed by financial aggregators.&nbsp;</li>\r\n<li>Although the financial services vertical has fewer third-party scripts than other industries, at 30%, they are prone to attacks like web skimming. However, financial services entities are proactively fighting back with the adoption of solutions to comply with the new requirements of PCI DSS 4.0.</li>\r\n<li>Local File Inclusion (LFI) vulnerabilities are driving the surge in web application and API attacks with 53% growth in the last year. LFI has consistently remained the top web attack vector.</li>\r\n</ul>\r\n<p>“Financial services is heavily targeted by attackers with both old and new security threats,” said Steve Winterfeld, Advisory CISO at Akamai. “The High Stakes of Innovation: Attack Trends in Financial Services evaluates Akamai’s massive volume of threat traffic to provide insights and analysis that will help this sector defend critical data and improve security for customers.”</p>\r\n"}}">

Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today released  a new State of the Internet report that explores existing and emerging cyberattacks against the financial services industry. The new report, The High Stakes of Innovation: Attack Trends in Financial Services, includes regional data as well as a look into what is driving the increased number of attacks against the sector.

The report notes that application and API attacks in the financial services vertical grew by 65% when comparing Q2 2022 with Q2 2023. This amounts to more than 9 billion attacks over a period of 18 months. The attacks were driven in part by cybercriminal groups conducting zero-day and one-day vulnerability abuse as pathways for initial intrusion. The High Stakes of Innovation: Attack Trends in Financial Services report shows that financial services has surpassed gaming as the top vertical for DDoS attacks. This is due to Layer 3 and Layer 4 DDoS attacks caused by the dramatic surge in the power of virtual machine botnets and hacktivism motivated by the Russia-Ukraine conflict.

The High Stakes of Innovation: Attack Trends in Financial Services features commentary and recommendations from Teresa Walsh, Global Head of Intelligence for the Financial Services Information Sharing and Analysis Center (FS-ISAC). She writes, “One of the key threat vectors facing the global financial sector is supply chain risk. As shown by Akamai’s research, the significant increase in attacks and vulnerabilities through third-party APIs and scripts requires firms to take an increasingly active approach to hardening systems and third-party risk management more broadly.”

Other key findings of the report include:

  • The Europe, Middle East, and Africa region accounts for 63.5% of DDoS events. The number of attacks against this region nearly doubled the number for the next top region. This is likely due to political motivations of attack groups against European banks.
  • Financial services remains the most targeted web attack vertical in the Asia, Pacific, Japan (APJ) region, which experienced nearly 50% of all web application and API attacks during the reporting period.
  • The rapidly climbing number of malicious bot requests (1.1 trillion), which increased by 69%, exemplifies the continued assault against customers and their data through attacks like account takeover and the risks posed by financial aggregators.
  • Although the financial services vertical has fewer third-party scripts than other industries, at 30%, they are prone to attacks like web skimming. However, financial services entities are proactively fighting back with the adoption of solutions to comply with the new requirements of PCI DSS 4.0.
  • Local File Inclusion (LFI) vulnerabilities are driving the surge in web application and API attacks with 53% growth in the last year. LFI has consistently remained the top web attack vector.

“Financial services is heavily targeted by attackers with both old and new security threats,” said Steve Winterfeld, Advisory CISO at Akamai. “The High Stakes of Innovation: Attack Trends in Financial Services evaluates Akamai’s massive volume of threat traffic to provide insights and analysis that will help this sector defend critical data and improve security for customers.”

About Akamai

Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away. Learn more about Akamai’s cloud computing, security, and content delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on Twitter and LinkedIn.

PR Archives: Latest, By Company, By Date