A report from the FBI to the financial services industry cites a recent survey from data analysts showing that approximately 41 percent of cyber incidents over the past three years have targeted the financial sector.
The survey also shows that the cybercriminal's increasing use of credential-stuffing attacks corresponds to a rise in the number of stolen credentials found on the dark web.
The FBI points to user negligence, particularly regarding passwords, as key to the criminal's success in hacking financial accounts. The survey reported that 60 percent of respondents use the same password across multiple accounts, and cybercriminals are taking advantage of it. Hackers employ bots in their credential-stuffing attacks, which take already stolen credentials and attempt logins on a massive scale across multiple accounts.
The cost to businesses hit by this type of attack involves more than just system down time and damage to reputation. Victims also face the financial expense of notifying customers and repairing a hacked network system.
To prevent attacks associated with compromised credentials, the FBI suggests businesses employ multiple strategies. This should include educating customers and employees about the threat and encouraging them to use unique passwords and change them regularly. Filip Truta "FBI: 41% of Financial Sector Cyber Attacks Come from Credential Stuffing" securityboulevard.com (Oct. 02, 2020).