We Are Witnessing a Wave of Credential Stuffing Attacks
Travel and Retail Are the Industries Facing a Wave of Credential Stuffing Attacks.
In Ath0’s inaugural security report can be noticed key areas of concern for the security professionals responsible for managing digital identities, including the exponential rise of credential stuffing attacks.
Credential stuffing is a cyberattack method used by attackers to compromise user credentials and breach a system.
This type of attack makes use of bots for automation and scale and works by assuming that many users are reusing their usernames and passwords across multiple services.
In the research conducted by Auth0, a few key facts and figures stood out. It seems that in the first 90 days of 2021, credential stuffing accounted for 16.5% of attempted login traffic on its platform, having a peak of over 40% near the end of March, with the top two most affected industries by credential stuffing attacks being Travel & Leisure and retail.
Another interesting fact was that the number of fraudulent registrations varied by industry but roughly 15% of all attempts made to register a new account apparently can be attributed to bots, therefore in the first 90 days of 2021, an average of more than 26,600 per day breached passwords were detected, with a minimum of just under 7,300 and a high on February 9th, 2021, exceeding 182,000.
Securing customers’ identities is made more difficult by industry-wide failures to protect data. The prevalence of breached passwords and the availability of automated attack tools make the humble password a protective measure from the past. The State of Secure Identity Report is designed to share our unique identity security insights and recommendations with the industry so that application builders and developers at any organization can take the steps they need to improve their overall security posture and make things more secure for end-users.
The most prevalent threats detected and analyzed were Credential Stuffing; Fraudulent Registrations; Multi-factor Authentication Bypass; Breached Password Usage; and other common identity attacks.
Malicious actors are willing to spend between $50 and $1,000 for validated credentials from credit card records, crypto accounts, social media accounts, and even Netflix accounts.
Another interesting finding from the report was that 39% of the IP addresses associated with credential stuffing attacks are based in the US and that the technology and travel industries are accounting for more than 50% of all SQL injection attacks seen on the platform.
Therefore, travel and retail enterprises are targeted the most by brute attacks activities being followed closely by government institutions, industrial services companies, and technology organizations with the technology industry facing the most MFA brute force attempts at 42%, followed by consumer goods at 15% and financial services with 13%.
The attackers seem to often target reward programs that are offered by restaurants or stores because “they are rarely secured well and the benefits are easily monetized.”
Heimdal® Threat Prevention - Network
- No need to deploy it on your endpoints;
- Protects any entry point into the organization, including BYODs;
- Stops even hidden threats using AI and your network traffic log;
- Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
It’s a known fact that multiple breaches and cyberattacks from the last month originated from reused passwords or account details that had been leaked in previous attacks, therefore having good password hygiene is mandatory in order to remain safe in this cybersecurity landscape.