According to F5's cybersecurity agency's report published recently, the financial sector has been a victim of severe credential stuffing attacks than the DDoS attacks in the last three years. The statistics included attacks against the financial industry as a whole. It recorded attacks against the banks, credit unions, insurance companies, broker agencies, and other services like Saas (Software as a Service) and payment processors.
The report's conclusion rejects the common belief that the financial sectors suffer the most from DDoS attacks, as other prominent threat actors are emerging. Reports say that in recent times, brute force attacks, ATO (Account Takeover) attacks, credential stuffing attacks have done more considerable damage on the financial sectors than DDoS, from the year 2017-19.
The ATO attacks include:
- Credential Stuffing- When the hackers try to attacks by using leaked usernames and passwords they find on websites.
- Brute Force Attacks- Hackers use very common or weak passwords from a list to carry out brute attacks.
- Password Spraying- Hackers use the same passwords but against many individuals.
According to F5's reports, the DDoS attacks surged in the year 2019, but these figures cant be entirely accurate. Some credential-stuffing and brute force attacks are so fast and destructive that they are sometimes mistaken for DDoS attacks. The reason for the rapid rise of credential stuffing and brute force attacks is because the availability of leaked usernames and passwords is getting shorter and shorter. Due to scarcity in leaked passwords, the hackers are trying to get as much as they can from the attacks, hence the increase.
Banks in North America a bigger target
According to the experts, North American banks have witnessed the highest number of brute force and credential stuffing attacks because of the availability of leaked passwords and credentials of the North American users on the websites since the last decade. "The combination of a global rise in DoS attacks and an increasing focus in North America on credential-based attacks suggests some ambivalence among attackers regarding the best strategies for extracting value from financial services targets," concludes F5 in its report.