Akamai Diversity

Akamai Security Intelligence
& Threat Research

State of the Internet/ Security Volume 5, Issue 4 - Financial Services

The cliché "follow the money" is exactly what criminals do when targeting the financial services vertical. In the State of the Internet/ Security, Volume 5, Issue 4, we take a deeper dive into how credential stuffing and web attacks are impacting one of the world's most powerful industries.

Steve Ragan, editor for the State of the Internet / Security, shares a personal story about how his credentials were compromised, which lead to the bank freezing his account. "I was a credential stuffing attack target, but fortunately for me, I wasn't a victim," writes Ragan, as he recounts how his due diligence, paired with his bank's quick response, helped keep his money exactly where it needed to be.


The financial services industry is one of the largest, and most sought-after targets for attackers. This particular industry revolves around trust and security, therefore these elements are quite often the key focal point for criminals. Within these focal points, criminals target web applications and authentication systems, which is where we've seen scores of attacks during the timeframe covered by the latest report. 

94% of the attacks that targeted the financial services industry came from four attack types: SQL Injection (SQLi), Local File Inclusion (LFI), Cross-Site Scripting (XSS), and OGNL Java Injection (which accounted for more than 8 million attempts during this reporting period). Such a high volume of OGNL Java Injections serves to remind us that attacks against Apache Struts are still a popular option for criminals targeting the financial services industry, even two years after patches were made available.

When it came to malicious logins against financial service organizations, the United States took the top spot globally. The United States was then followed by China, Malaysia, Brazil, and Germany, to round out the top five.

276 MP-15691 SOTI_Social Images_Report Fig 6(2).jpg

While the gaming vertical was the top target between November 2017 and April 2019, in terms of DDoS attack volume with just under 9,000 attacks, the industry with the most unique targets was financial services. During the 18-month window used for this report, more than 40% of the unique DDoS targets were in the financial services industry.

In this report, we also took a closer look at authentication mechanisms, since the financial services industry typically uses an API process or login application. Financial institutions used the Open Financial Exchange (OFX) protocol to handle data, and that comes with it's own unique set of risks and problems. 

Dive deeper into these topics and more by reading the latest report.