TRENDING
Reuben Koh , Security Technology and Strategy
Director APJ , Akamai
APAC is the second-most targeted region in the world for malicious bot requests against financial services – accounting for 39.7 % of all malicious bot requests worldwide .
Use cases include website scraping to impersonate the websites of financial services brands for phishing scams and credential stuffing via automated injections of stolen usernames and passwords for account takeovers .
This highlights that threat actors are constantly evolving their techniques and have started to focus their attacks on financial service consumers to get the most return on investment .
“ APJ ’ s financial services sector is one of the most innovative and competitive in the world . Financial institutions are increasingly turning to third-party scripts to quickly add new offerings , features , and interactive experiences for customers . However , businesses usually have limited visibility into the authenticity and potential vulnerabilities of these scripts , introducing yet another layer of risk to the business . Due to this limited visibility of risky third-party scripts , threat actors now have yet another vector to launch attacks against banks and their customers ,” said Reuben Koh , Security Technology and Strategy Director ( APJ ), Akamai .
Akamai ’ s report also found that malicious bot traffic in APAC rose 128 % from 2022 – which underscores the continued assault against financial services customers and their data .
Cyber criminals use bots to amplify the scale , efficiency , and effectiveness of attacks .
Other key findings of the report include :
• Web application and APIs remain attack vectors of choice in APJ , with the finance sector accounting for 50 % of attacks of this category , followed by commerce ( 19.99 %) and social media ( 8.3 %).
• Australia , Singapore and Japan were named the top three most targeted APAC countries , together accounting for more than three-quarters of all web application and API attacks . As global financial hubs , Akamai says it is no surprise that organizations in these countries continue to experience massive , targeted attacks .
• Local File Inclusion ( LFI ) remains the top attack vector , accounting for 63.2 % of attacks – with Cross-Site Scripting ( XSS ) second at 21.3 % and PHP Injection ( PHPi ) at 6.32 %. LFI attacks exploit insecure coding practices or actual vulnerabilities on a web server to execute code remotely or gain access to sensitive information stored locally . Older PHP-based web servers for example , are more
24 INTELLIGENTCIO APAC www . intelligentcio . com