Malicious Login Attempts by Bots Rise with Financial Services a Key Target

May to June this year saw a 30 percent increase in worldwide malicious login attempts. This amounts to 8.3 billion login threat actions by bots over that time period.

This is according to US-based content delivery network and cloud service provider Akamai’s 2018 State of the Internet report, that discovered more than 30 billion malicious login attempts over an eight month period.

A key concern highlighted in the report is the rise of credential stuffing, a process that involves threat actors who have already obtained the login credentials of users from a previous attack or a simple purchase on the dark web. These stolen credentials are then used in attempts to login into other websites and accounts.

Credential stuffing is made possible due to the fact that many online users still erroneously have the same login details across multiple websites. Once a threat actor has the key to one, they have the key to all. The issue is finding what other accounts are using the same login details. So the simple solution is to automated the process and send in the bots.

Martin McKeay senior security advocate at Akamai commented in the report that: “Every business is impacted by credential stuffing botnets. Many businesses just see the traffic because of scatter shot scans, but financial services and retail sites are prime targets. Account takeover is profitable for attackers, guaranteeing that it will be a threat for the foreseeable future.”

Malicious Login Attempts Cases

As part of their research Akamai looked at a financial service institution in the Fortune 500 which saw its average login attempts jump from 50,000 in an hour to over 350,000.

The report points out that the company was: “Accustomed to having time-related peaks and valleys, but the difference between a daily peak of 100,000 logins per hour and tripling that when traffic should be declining was hard to miss.”