Get best of the week

Researchers: hackers are increasingly carrying out brute force attacks on financial services



Image: Akamai Technologies

Information security researchers have published a report on the most relevant cyber attack methods used by cybercriminals. It turned out that recently, hackers have been paying special attention to attacks of one specific type - an attempt to select a login. And the objectives of such attacks are far from always obvious.

What is the problem


Financial institutions and their clients are always in the focus of attention of cybercriminals. The reasons for this are understandable - a successful attack allows you to immediately hit the jackpot. And credential selection is the easiest way to solve this problem. According to researchers from Akamai, more than 85.4 billion login attempts have been made in the world over a two-year observation period.

So in August last year, in one day, only one financial service experienced 55 million such attempts. On average, up to 22 million attempts of attacks of this type are logged per day.

And the reason for their implementation is far from always lies in the desire of crackers to gain access to end-user finances. According to researchers, in recent years, hackers are increasingly interested in the API of financial systems.

Interest in API attacks is growing


A successful brute force attack on a single user can lead to the theft of his money. At the same time, a successful attack on an access point to the API of a financial service can potentially lead to a compromise of the entire business, and sometimes several companies.



Image: Akamai Technologies

According to statistics, usually up to 10% of all attacks on APIs come from financial services. However, last year there was a serious surge - in May 2019, financial companies became targets for up to 80% of attacks, and in October - 75%.

Can hackers hack the exchange or brokers


We examined this question earlier in one of our articles . The short answer is yes, there are no systems that could not be successfully attacked. However, here the question arises of the resources that the attackers have to spend, and what results they can get.

Successfully attacking a brokerage company and stealing money is usually more difficult for hackers than, for example, in the case of a banking service. Even in the event of a successful attack, it will not be easy for cybercriminals to withdraw and cash out clients ’funds - fraudsters will have to start manipulating securities by selling or buying them from victims' brokerage accounts at unprofitable prices.

This requires serious financial market skills that most hackers do not possess. exchanges today limit the maximum allowable range of price fluctuations during one trading session, so an attacker is unlikely to be able to "withdraw" any serious amount from one account to another.

In addition, to minimize potential damage, brokerage companies are developing various customer protection systems. For example, such protection is in the SMARTx trading terminal .

Read reviews, market analytics and investment ideas in the ITI Capital Telegram channel

More articles:


All Articles