Finance sector hit by 3.5bn hacking attempts thanks to stolen passwords

Banks and financial institutions are suffering increased cyber-attacks due to stolen passwords.

In the past 6 months alone, cyber criminals have launched 3.5 billion attempted attacks on the financial sector, data from Akamai has found.

In addition to phishing, hackers are increasingly using credential stuffing – stolen usernames and passwords used to access accounts via automated login requests – to fraudulently create new accounts.

Akamai points to an emerging dark web economy based on hackers using stolen credential data to hijack accounts and resell lists of breached login information.

 

Finance data breaches fuelling dark web economy

The ability to quickly package up and sell on breached financial information is fuelling a whole economy on the dark web.

Criminals who have stolen financial data are adding to it via phishing and then making money through hijacking accounts or reselling the lists they have built.

A common method of monetising breached financial data for hackers is to ‘bank drop’. This is where a hacker uses stolen financial data on an individual to fraudulently open up a new bank account. Some hackers will then run up credit against a bank drop, whilst others will sell them on at an average of $500 per account.

With the personal data of 106 million American and Canadians exposed in Capital One’s data breach, it is expected that there will only be more fraudulent accounts and credit lines opened over the coming months.

 

Beat the hackers with strong authentication

Strong two-factor authentication (2FA) removes the threat of weak or stolen passwords and so renders phishing, credential stuffing and other rapidly growing password hacking threats useless.

A priority for IT leaders must be to secure the login access of their employees.

Complexity is a common barrier when looking to increase data security, however achieving a strong 2FA digital identity solution doesn’t need to be complex.

Through an interoperable credential management system (CMS), institutions have the software necessary to build in a solution that slots into existing infrastructure and connects with any new technology.

MyID® is used across banks and financial institutions in North America and across Europe to integrate public key infrastructure (PKI) with banking IT systems.

With PKI and MyID, organisations have a cryptographic identity solution for their employees that removes passwords from the equation.

To find out more about MyID for finance digital identity and to discuss your requirements further, contact us now via the form below.