LAST UPDATED Dec 12, 2023
In our recent analysis of our Q3 platform data, we found that the banking industry stood out in a couple of areas. First, its use of APIs is much higher than in other industries. In fact, 76.17 percent of its HTTP traffic is API-driven. This high percentage highlights the need for specialized security solutions to safeguard against API-specific vulnerabilities and to offer API protection and insights.
In addition, banking is subjected to higher rates of brute force attacks, like programmatic access and credential stuffing, than other industries. Together, these types of attacks make up approximately 57 percent of the total attack classifications within the sector, a notably high concentration. These attack vectors are often employed to gain unauthorized access to financial data and should be critical focal points in any robust security strategy.
A Deeper Look at the Top Attacks in the Banking Sector
Credential stuffing: This is the most prevalent attack type in the banking sector, with an average percentage significantly higher than other attacks. Credential stuffing attacks aim to gain unauthorized access to accounts by using known username-password combinations, often obtained from previous data breaches. Given the sensitive nature of banking data, the high prevalence of credential stuffing attacks is a critical security concern.
Keep in mind that credential stuffing techniques are able to sidestep traditional WAF signatures and rate-based rules for several reasons. Most notably, the techniques do not rely on an exploit or other overtly malicious action; instead, they use or abuse the exposed functionality of an application in unexpected ways.
In this case, the attacker, usually in the form of a bot, is using the application’s login functionality in much the same way that a legitimate user does.
Additionally, since attackers have many username/password combinations to cycle through, the work is typically done by a large, distributed botnet or other forms of malicious automation. This not only speeds up the work, but it allows the attacker to distribute the attack over a large number of IP addresses so that it isn’t obvious that the attack traffic is coming from a specific set of IPs.
Get more details on our research into credential stuffing in our new report, Trends in Credential Stuffing and How to Identify It.
Programmatic access: This type of attack involves automated or non-human interactions with web applications and APIs, potentially aiming to scrape data, perform unauthorized transactions, or exploit vulnerabilities.
Brute force: Brute force attacks attempt to gain access to resources by trying multiple combinations of credentials. Given the sensitive nature of financial data, this type of attack is particularly concerning for the banking sector.
Error rate: This could indicate an abnormally high rate of errors in HTTP requests, often a red flag for either malfunctioning applications or malicious activity such as probing for vulnerabilities.
Customer rule: This represents matches to custom-defined rules within the ThreatX API and Application Protection platform. Its appearance among the top attacks suggests that bespoke rules could be effective in the banking sector for identifying and mitigating unique risks.
The high level of brute-force-type attacks underscores the need for specialized security measures in the banking sector, including multi-factor authentication, rate-limiting, and advanced behavioral analytics. Given that these types of attacks constitute a significant portion of the security challenges in this vertical, targeted solutions are crucial for robust protection.
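To illustrate the point made above about credential stuffing spread across many IP addresses, the following added example (not from the original post and not ThreatX's detection logic) compares a per-IP rate rule with an endpoint-wide check on failure ratio and distinct usernames. The thresholds, function names, and login events are constructed assumptions.

```python
from collections import Counter

PER_IP_LIMIT = 10          # assumed: failed logins per IP per window before a rate rule fires
FAILURE_RATIO_LIMIT = 0.5  # assumed: share of failed logins tolerated in one window
MIN_DISTINCT_USERS = 50    # assumed: distinct usernames failing before the window is flagged

def per_ip_rule(events):
    """Classic rate-based rule: IPs whose failed logins exceed PER_IP_LIMIT."""
    fails = Counter(ip for ip, _user, ok in events if not ok)
    return sorted(ip for ip, n in fails.items() if n > PER_IP_LIMIT)

def aggregate_rule(events):
    """Endpoint-wide view: flag a window where most logins fail across many
    distinct usernames, regardless of how quiet each source IP is."""
    if not events:
        return False
    failed_users = {user for _ip, user, ok in events if not ok}
    failures = sum(1 for _ip, _user, ok in events if not ok)
    ratio = failures / len(events)
    return ratio > FAILURE_RATIO_LIMIT and len(failed_users) >= MIN_DISTINCT_USERS

def build_window():
    """Constructed sample window of (ip, username, success) login events."""
    # 40 ordinary users, one IP each; 5 of them mistype a password
    normal = [(f"198.51.100.{i}", f"user{i}", i % 8 != 0) for i in range(40)]
    # 300 stuffing attempts spread over 150 IPs: two attempts per IP,
    # each against a different username, 1 in 100 succeeds
    stuffing = [(f"203.0.113.{i % 150}", f"leaked{i}", i % 100 == 0)
                for i in range(300)]
    return normal, stuffing

if __name__ == "__main__":
    normal, stuffing = build_window()
    window = normal + stuffing
    print("IPs flagged by per-IP rule:", per_ip_rule(window))
    print("baseline window flagged:", aggregate_rule(normal))
    print("mixed window flagged:", aggregate_rule(window))
```

Because no source IP makes more than two attempts, the per-IP rule stays silent, while the ratio of failures and the breadth of usernames across the whole login endpoint separates the mixed window from the baseline.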
Get more details on our API and application security data for Q3 2023.