"Global Credential Stuffing Attempts Hit 193 Billion in 2020"

Security researchers at Akamai did a new study that revealed the sheer scale of attempts to crack open users’ accounts using previously breached credentials.  The researchers found that 193 billion credential stuffing attempts occurred during 2020 as cyber-criminals looked to capitalize on surging numbers of online users.  Their research was mainly focused on the financial sector.  Akamai detected 3.4 billion credential stuffing attempts targeting the financial sector, which is a 45% increase from the previous year.  Akamai also saw nearly 6.3 billion web application attacks in 2020, over 736 million of which were aimed at financial services organizations which is an increase of 62% from 2019.  In the financial services industry, Local File Inclusion (LFI) attacks were the number one web application attack type in 2020, accounting for 52% of the total, followed by SQLi (33%) and cross-site scripting (9%).  However, globally across all sectors, SQLi was in the top spot and accounted for 68% of all web application attacks in 2020.  LFI attacks came second with 22%.  The researchers also found that there was a rise of smishing and phishing attacks against the financial services sector, specifically via two popular toolkits: Kr3pto and Ex-Robotos.

Infosecurity reports: "Global Credential Stuffing Attempts Hit 193 Billion in 2020"