The Sobering State of Cybercrime And The Finserv Industry In 2022

March 19, 2023

In the cybersecurity world, it's always good vs. evil, and like in a movie, we're waiting to find out who will win the constant battle. These days, it seems the criminals are always just one step, or more, ahead of the defenders. The 2022 version of Akamai's “Financial Services State of the Internet (SOTI)” report does not paint a happy picture for the “good guys,” especially in terms of attackers’ increasing exploitation of zero-day vulnerabilities, botnet activity, and increasingly effective phishing attacks, particularly those related to the financial services (FinServ) industry. The statistics in the report make for sobering reading.

FinServ showed a 3.5 times surge in web application and API attacks in 2022 when compared to activity in 2021. That growth is the highest affecting any major industry. The trend is extremely worrying not only for the organizations that are under increasing attack, but also for their clients. An estimated 80% of attacks are now focused on the clients of the industry, rather than the FinServ organizations themselves. Attacks such as account takeovers either directly target clients’ personal data or use increasingly sophisticated web scraping techniques. These involve the creation of mirror images of legitimate FinServ websites that then employ tried and tested phishing techniques to gather client data.

Unfortunately, the bad news from Akamai keeps coming in this comprehensive report. Botnet activity aimed at FinServ organizations has increased by 81% when compared to 2021, and DDoS attacks increased by 22%. Botnets are now playing an ever-increasing role in account takeover attempts, with bad actors employing them for credential stuffing.

Sophisticated API attacks are also on the increase, and cybersecurity teams are under enormous pressure due to the lightning-quick exploitation of zero-day vulnerabilities. Multiple thousands of attacks occur per hour, leaving cybersecurity teams very little breathing space to react and patch vulnerabilities.

What organizations can do is prepare. Provide perimeter security internally as well as comprehensive and ongoing cybersecurity awareness training for all employees. Extend training to customers and members so they can get the benefit of knowing the latest threats to their security. There are many organizations that can help with this. Get recommendations, do some research, and figure out what works for you.

Remember not to stop at a one-and-done strategy. Continue the awareness throughout the year and you can limit the cybersecurity risk to your organization and to the members and customers that use your services.

Given this current state of affairs and the upward trend in attacks aimed at FinServ companies and consumers, both parties can expect 2023 to offer more of the same. The good news is that knowledge really is power.


Credential Stuffers Compromise More Than 100K Accounts

Credential stuffing is a cyber-attack in which stolen usernames and their corresponding passwords are used to make automated, brute-force login requests. The stolen user credentials are typically from data breaches that could have happened recently, but also may have occurred long ago. These types of attacks are particularly effective when the same username and password combination is used across multiple websites or services. New York’s attorney general announced that an investigation into credential stuffing had uncovered 1.1 million compromised customer accounts linked to 17 well-known companies.

Online Banking Risks – How Financial Institutions And Customers Partner For Better Security

The financial services sector has gone through significant changes since horse-drawn wagons delivered money to banks. Long after that, in-person visits to your local branch gave way to online banking on devices. But the start of the pandemic in 2020 left its mark on financial services and their customers. The risks of e-banking have been a very real concern ever since bad actors switched from cracking bank safes to cracking online accounts instead. A partnership with your financial institution can help boost online security.

Shut The Door! Don't Leave Your Network Open To Account Takeovers

If your company is like most, it has seventeen sets of login credentials floating around online. According to a study by Arctic Wolf, those credentials exposed in data breaches or other cybercrimes are always welcome on the dark web. They’re typically for sale, but often offered for free, and anyone interested in using them has a digital buffet of login data at their disposal. Arctic Wolf’s report, “2020 Security Operations,” sheds light on account takeovers and how easily they can be launched.







