ISLAMABAD: In 2020, financial entities faced 3.4 billion cyber-attacks throughout the world. A total of 193 billion stuffing attacks were observed globally and the financial sector witnessed the highest number of attacks. Through credential stuffing attacks, cyber criminals tried to access essential data of online users with the aim to gain unlawful access to their accounts from the data-base of financial entities. Cyber criminals also attempted to use the COVID-19 issue and sent deceptive messages in attacks in which they tried to attract people by promising financial assistance. Criminals also used SMSs and phishing emails to deceive people and hack their data. Akamai, a global technology and cyber-security system provider, has made these startling disclosures in its report for the year 2020, released recently. In 2020, the use of SMS has emerged as a major threat for stealing/hacking data of people by sending deceptive messages of financial reward through fake links.
Web attacks in 2020 stood at 6.3 billion all across the world out of which 736 million attacks involved the financial services sector. SQL injection and Local File Inclusion have been identified as two leading methods of attacks. Nevertheless, strong cyber security systems of organized financial entities foiled most of the attacks. This is embarrassing to note that in November 2020, the daily number of credential stuffing attacks reached a peak with 63 million per day. Meanwhile, on May 9, the cyber world experienced the highest single-day attacks of 78.68 million. Furthermore, web-based and application-driven attacks also remained high in the year 2020 with 6.287 billion web attacks and 73.60 million application-based attacks on the financial services sector throughout the world.
Across the globe, SQL Injection, Local File Inclusion, Cross-Site Scripting, PHP Injection and Remote File Inclusion and Command Injection were identified as major cyber-attacks last year. In 2020, the LFI attacks against the financial companies accounted for 51.62 percent of total cyber-attacks while 33.42 percent SQLi attacks were reported last year. A sharp increase in LFI attacks indicates that cyber criminals are primarily concentrating on the financial services sector and targeting APIs and applications to hack/access users’ data. XSS attacks accounted for 9.31 percent, PHPi 2.36 percent, CMDi 1.17 percent while other internet attacks accounted for 2.12 percent in 2020.
Meanwhile, phishing emails are also a leading cause of cyber frauds throughout the world. With phishing emails, criminals develop replicas of leading financial organizations and send to their customers to steal/hack their data. When customers try to login through phishing emails, their username and password reaches in the hands of cyber criminals. Copycats and clones are being used frequently in phishing emails to defraud online users of different companies. The DDoS (denial-of-service) attacks have also increased in the last three years (2018-2020) substantially. With this method of attacks, cyber outlaws disrupt customers’ access to online services by disconnecting organizations’ online and hosting networks. In this situation, banks and other financial service providers are frequently sending messages to their customers, forewarning them of phishing emails, SMS, chat, phone calls and asking them not to disclose their personal information.