Research from Akamai found up to 75 percent of all credential abuse attacks against the financial services industry in 2019 targeted APIs directly (rather than user-facing login pages) One such credential stuffing attack, observed last summer, hit a financial services customer with a blizzard of 55 million malicious login attempts. Credential stuffing attacks, DDoS attacks and local file inclusion jumped up ahead of SQL injection when it comes to the type of web attacks we re seeing against financial services. Financial Services is the industry that s always at the top of their game, which the criminals are hyper focused in their attacks, which is hyper focused.
Source: https://threatpost.com/akamai-on-credential-stuffing-attacks/153654/