Credential Stuffing and Web Application Attacks continue to Plague the Financial Services Industry

by CISOCONNECT Bureau

According to a study by Akamai and WMC Global researchers, phishing attacks on the financial services industry have increased tenfold in the last year. The report notes that the financial services sector is still being bombarded with credential stuffing and web application attacks.

According to the report, ‘Phishing for Finance’, attack volumes rose substantially across all measured attack surfaces from 2019 to 2020.

‘Kr3pto’ and ‘Ex-Robotos’ are two phishing kits that have been identified. Ex-Robotos has targeted corporate workers with its scams, while Kr3pto has targeted customers of 11 UK banking brands.

In 2020, Akamai saw 193 billion credential stuffing attacks worldwide, with 3.4 billion directly targeting financial services companies, a year-over-year rise of more than 45 percent for the sector.

It also found that approximately 6.3 billion web application attacks occurred in 2020, with more than 736 million of them targeting financial services, up 62 percent from 2019. SQL Injection (SQLi) attacks remained the most common form of web application attack in 2020, accounting for 68 percent of all web application attacks, with Local File Inclusion (LFI) attacks accounting for 22 percent.

In the financial services industry, however, LFI was the most common web application attack category in 2020, accounting for 52%, followed by SQLi (33%) and Cross-Site Scripting (9%).

DDoS attacks against the financial services sector increased by 93% in the last three years (2018-2020), suggesting that systemic disruption remains a goal for criminals who target critical services and applications required for daily business.

Commenting on the report, Steve Ragan, Akamai Security Researcher and author of the State of the Internet / Security report, said, “The ongoing, significant growth in credential stuffing attacks has a direct relationship to the state of phishing in the financial services industry.”

He added, “Criminals use a variety of methods to augment their credential collections, and phishing is one of the key tools in their arsenal. By targeting banking customers and employees in the sector, criminals increase their pool of potential victims exponentially.”

Since May 2020, the Kr3pto phishing kit has been observed spoofing 11 brands across more than 8,000 domains in the UK, targeting financial institutions and their customers via SMS. Over the course of 31 days in Q1 2021, WMC Global monitored over 4,000 campaigns linked to Kr3pto that targeted victims through SMS messaging.

Ex-Robotos is a phishing kit that serves as a gold standard for corporate credential phishing. Over a 43-day span, the API IP address used for Ex-Robotos received more than 220,000 hits, according to data from the Akamai Intelligent Edge Platform.

Commenting on the development, Jake Sloane, Senior Threat Hunter at WMC Global, said, “Kits like Kr3pto and Ex-Robotos are just two of the many kits targeting corporations and consumers today.”

“It’s important to remember that employees are consumers too, and with the prevalence of work from home, as well as mobile device usage in corporate environments, criminals are not shy about attacking people no matter where they are, which explains the recent growth in SMS-based phishing attacks.”
