Cloud delivery network provider Akamai Technologies on Thursday said it detected 30 billion malicious login attempts globally during a period of eight-months ending in June 2018.
The financial services industry bears the major burden of such attacks, according to a new report titled "Akamai 2018 State of the Internet/Security Credential Stuffing Attacks".
Malicious login attempts result from credential stuffing, where hackers systematically use botnets to try stolen login information across the web.
They target login pages for banks and retailers on the premise that many customers use the same login credentials for multiple services and accounts.
Credential stuffing can cost organisations millions to tens of millions of dollars in fraud losses annually.
"Our research shows that the people carrying out credential stuffing attacks are continuously evolving their arsenal. They vary their methodologies, from noisier, volume-based attacks, through stealth-like 'low and slow'-style attacks," Martin McKeay, Senior Security Advocate at Akamai who is also the lead author of the report said in a statement.
"It's especially alarming when we see multiple attacks simultaneously affecting a single target. Without specific expertise and tools needed to defend against these blended, multi-headed campaigns, organisations can easily miss some of the most dangerous credential attacks," McKeay added.
The Akamai report combines attack data from across Akamai's global infrastructure and represents the research of a diverse set of teams throughout the company.