Hackers are back with another tech disruption. The only difference is that this time they have moved from the aviation sector to the financial sector. It may come as a shock, but the latest reports have confirmed that financial bodies such as banks and other financial institutions are being targeted. The figures stolen from such institutions are even more shocking. Adding to this news is the fraud that has occurred at Akamai Technologies.
Investigation shows that this fraud was carried out through login fraud. The surprising part is that in the previous year Akamai Technologies was under attack with more than 85.4 billion malicious logins using the same approach. Akamai Technologies has further shared that on August 7th last year, more than 55 million malicious logins were attempted against a single financial services business.
On average, the per-day login count reached 22 million. There were peaks and valleys, naturally, with malicious activity ramping up whenever a new password dump made the rounds on underground hacking forums. One may think all this must have happened to break into a particular account; however, this may not always be the case. Over the past few years cybercriminals have changed their modus operandi by paying more attention to Application Programming Interface (API) endpoints.
A successful brute-force attack on a single user's account can let the hackers get lucky and take the treasure away for good. In fact, this attack may cost some users their sensitive data.
Thus a successful attack on an API endpoint is potentially strong enough to turn high-flying businessmen bankrupt within hours. Generally, the financial services sector accounts for just 10% of all API login attacks. Last year this percentage jumped dramatically, to 80% in May and 75% in October.
It's a huge problem and it is not going to go away anytime soon. Not all APIs are created equal, and many widely used ones put few limits in place, especially on login. This is what has made the issue pretty scary. Instead, they keep allowing attempts until the person's or bot's attempt has succeeded or they have given up.
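The limit that the paragraph above says many login APIs lack can be enforced per client and per account, as in this added Python example (not code from the article or from Akamai). It counts failures per client as well as per account because a bot replaying a password dump tries each account only once. The names `LoginThrottle` and `replay`, the thresholds, and the sample addresses are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window cap on failed logins, tracked per client and per account."""

    def __init__(self, max_per_client=20, max_per_account=5, window=300.0):
        self.max_per_client = max_per_client    # assumed threshold
        self.max_per_account = max_per_account  # assumed threshold
        self.window = window                    # seconds a failure is remembered
        self._fails = defaultdict(deque)        # key -> timestamps of failures

    def _recent(self, key, now):
        q = self._fails[key]
        while q and now - q[0] >= self.window:  # drop failures outside the window
            q.popleft()
        return len(q)

    def allowed(self, client, account, now=None):
        now = time.monotonic() if now is None else now
        return (self._recent(("client", client), now) < self.max_per_client
                and self._recent(("account", account), now) < self.max_per_account)

    def record_failure(self, client, account, now=None):
        now = time.monotonic() if now is None else now
        self._fails[("client", client)].append(now)
        self._fails[("account", account)].append(now)


def replay(throttle, attempts):
    """Feed (time, client, account, password_ok) tuples; return status codes."""
    codes = []
    for t, client, account, ok in attempts:
        if not throttle.allowed(client, account, now=t):
            codes.append(429)   # refused before the password is even checked
        elif ok:
            codes.append(200)
        else:
            throttle.record_failure(client, account, now=t)
            codes.append(401)
    return codes


# Constructed sample: one client walks a dumped list, one guess per account.
STUFFING = [(float(i), "203.0.113.7", f"user{i}", False) for i in range(25)]
```

A per-account lockout alone would let all 25 constructed attempts through, since no single account sees more than one failure; the per-client counter is what stops the run after 20.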