cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Credential stuffing attacks surge in financial services sector

New report reveals sharp increase in credential stuffing attacks on financial services web applications.

user icon Nastasha Tupas
Thu, 27 May 2021
Credential stuffing attacks surge in financial services sector
expand image

Akamai Technologies has published a report that has uncovered a massive uptick in credential stuffing attack traffic on financial services web applications between 2019 to 2020.

Akamai’s research uncovered data indicating there has been over 193 billion credential stuffing attacks worldwide, with 3.4 billion targeting financial services organisations, an increase of more than 45 per cent year-on-year. Akamai also found over 736 million of the 6.3 billion web application attacks targeted the financial services sector in 2020 demonstrating a solid 62 per cent increase from 2019.

Akamai partnered with WMC Global researchers, who have a track record of decoding the strategies that criminals use to execute the attacks, and examined the ‘Kr3pto’ and ‘Ex-Robotos’ phishing kits specifically.


In the past year, Kr3pto has been spoofing 11 UK banking brands, while Ex-Robotos scammed corporate employees via Smishing (SMS phishing).

According to Jake Sloane, senior threat hunter at WMC Global, the mass migration into remote working arrangements explains the recent growth in SMS-based phishing attacks.

“It's important to remember that employees are consumers too,” Sloane said.

“Kits like Kr3pto and Ex-Robotos are just two of the many kits targeting corporations and consumers today.

“With the prevalence of work from home, as well as mobile device usage in corporate environments, criminals are not shy about attacking people no matter where they are.”

The Kr3pto phishing kit targeted financial institutions and their customers via SMS at 11 UK banking brands, across more than 8,000 domains since May 2020. In Q1 2021, WMC Global found over 4,000 campaigns linked to Kr3pto that targeted victims via SMS messaging over 31 days.

Data from the Akamai Intelligent Edge Platform, Ex-Robotos focused on corporate credential phishing with an API IP address that got a total of 220,000 hits in 43 days.

According to Steve Ragan, Akamai security researcher and author of the State of the Internet/Security report, phishing is one of the key tools that criminals use to increase "their pool of potential victims".

“The ongoing, significant growth in credential stuffing attacks has a direct relationship to the state of phishing in the financial services industry,” Ragan said.

“By targeting banking customers and employees in the sector, criminals increase their pool of potential victims exponentially.”

The report has identified LFI attacks have been the most common web application assault method in 2020 which is up by a staggering 52 per cent, closely followed by SQLi at 33 per cent and Cross-Site Scripting at 9 per cent.

For all other business types across the globe, SQL Injection (SQLi) attacks made up over 68 per cent of all web application attacks, with Local File Inclusion (LFI) attacks coming in second at 22 per cent.

“By partnering with WMC Global for this report, we were able to expand on our existing coverage of the financial sector and offer a wider range of details into the attacks that financial organisations face on a daily basis,” Ragan added.

[Related: Sophos uncovers 167 fraudulent crypto and finance apps]

Nastasha Tupas

Nastasha Tupas

Nastasha is a Journalist at Momentum Media, she reports extensively across veterans affairs, cyber security and geopolitics in the Indo-Pacific. She is a co-author of a book titled The Stories Women Journalists Tell, published by Penguin Random House. Previously, she was a Content Producer at Verizon Media, a Digital Producer for Yahoo! and Channel 7, a Digital Journalist at Sky News Australia, as well as a Website Manager and Digital Producer at SBS Australia. Nastasha started her career in media as a Video Producer and Digital News Presenter at News Corp Australia.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.