Attacks on financial apps increase 38% in H1 2021
Cybercriminals’ appetite for personal data remains high, with 74% of all data stolen in recent years being the type that can be used to identify, contact, or locate specific individuals. To get at this sought-after data, thieves are increasingly flocking to the web applications that customers/members, employees and partners of financial institutions use to conduct online transactions.
That’s according to a new study from Imperva Research Labs, a data security company based in San Mateo, Calif., which revealed last week that the number of web application incidents in the financial services industry jumped 38% in the first half of 2021 compared to the first half of 2020, from 11.7 million to 16.1 million.
Additionally, Imperva reported that more than 870 million records of sensitive data were compromised in January 2021 alone, more than the total number of records compromised for all of 2017.
“The widespread theft of personal data is a strong indication that many organizations are not putting enough protection in place to keep them secure,” said Terry Ray, senior vice president and member of Imperva. “In many cases, the theft of personal data from financial institutions is made easier because it is regularly shared between systems, people and suppliers to complete transactions. As regulations governing data privacy become more stringent, it will be critical for every organization to have the ability to discover, identify, and categorize personal data across its data park. Only when an organization knows where personal data resides and what applications and users are accessing it, can it expand the security controls that protect it.”
Cybercriminals have also focused their energy on Distributed Denial of Service (DDoS) attacks. According to Imperva, Layer 7 DDoS attacks, which target the application layer (the layer closest to the end user) of the Open Systems Interconnection (OSI) model, are becoming increasingly powerful: the number of requests per second (RPS) in Layer 7 DDoS attacks against financial services companies has tripled since April 2021. In a DDoS attack, the instigators aim to overwhelm server resources by flooding the server with so much traffic, in the form of connection requests, that it is no longer able to respond; the higher the number of RPS, the more intense the attack.
Imperva has also noted the prevalence of client-side attacks, which involve tricking website users into downloading malicious content, allowing the bad actor to exploit the website by intercepting user sessions, inserting hostile content, simply breaking the website, or conducting phishing attacks, for example. Client-side attacks on financial services companies focus on skimming payment information by exploiting third-party scripts used by thousands of websites across many industries, the company said. “Financial websites rely more on third-party scripts to provide better services to their customers, but due to the high volume of digital transactions dealing with financial assets and other sensitive data, they are a prime target for client-side attacks,” Ray said. “Once credit card details are stolen, the data can be used immediately by cybercriminals to acquire property or sold to other criminals for further exploitation.”
A successful phishing attack has been a particularly popular goal for criminals working on the client side, with a separate report from Phishlabs indicating that phishing attacks increased 22% in the first six months of 2021 compared to the same period last year. However, the Quarterly Threat Trends and Intelligence Report from the Charleston, S.C.-based digital risk protection service provider also found that phishing activity declined significantly in June for the first time in six months, after an important month in May.
Imperva also ranked ransomware attacks among the top five security threats in financial services, and a recent report from Atlas VPN further demonstrated the seriousness of the threat. The New York, NY-based VPN service provider found that ransomware attacks increased by 151% in the first half of 2021 compared to the first half of 2020, with the United States facing more ransomware threats than any other country.
The first half of this year, according to Atlas VPN, saw 304.7 million attempted ransomware attacks, already making this year the worst on record for ransomware. “Ransomware attacks are a serious problem that terrorizes many organizations or government agencies, causing national danger,” said William Sword, writer and cybersecurity researcher for Atlas VPN. “As many people neglect the basic rules of cybersecurity, they become easy targets for cybercriminals. Improving cybersecurity awareness and preparedness is a must if businesses are to reduce ransomware attacks.”