18 Months, 61 Billion Credential-Stuffing Attacks

Stu Sjouwerman | Sep 18, 2019

Akamai observed 61 billion credential stuffing attacks between January 2018 and June 2019, according to Computer Business Review. In a new report on Internet security, Akamai researchers say these attacks have grown more efficient and accessible due to low-cost automation tools that can evade detection.

35% of these attacks were focused on the tech, video media, and entertainment sectors. The researchers say these three industries are highly targeted because they offer a wealth of personal and corporate data.

Akamai explains that attackers have crafted applications that streamline and automate credential stuffing so that even low-skill criminals can launch these attacks. The tools include evasion capabilities that can defeat security mechanisms designed to thwart brute forcing. Some of these tools are free, and others sell for around $20.

Credential stuffing is a type of brute-force attack in which an attacker tries to log in to a victim’s account using millions of usernames and passwords that have been leaked in data breaches. Since most people unfortunately reuse passwords, this method is much more efficient than trying to guess every combination of characters. Computer Business Review notes that there are at least eight billion email addresses and 555 million passwords available online, and that number continues to rise with each data breach.

Credential stuffing attacks depend on lax security practices to succeed. People can defend themselves by implementing two-factor authentication and using unique, complex passwords. New-school security awareness training can enable your employees to be mindful of their security posture.
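For defenders reading authentication logs, credential stuffing looks different from classic brute forcing: a source fails against many different accounts, with few tries each. The sketch below is an added example, not code from Akamai's report or from this post; the event format, thresholds, addresses, and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_events():
    """Constructed auth events: (timestamp, source IP, username, success)."""
    t0 = datetime(2019, 6, 1, 12, 0, 0)
    events = []
    for i in range(30):
        ts = t0 + timedelta(seconds=2 * i)
        # One source, 30 different accounts, one attempt each; one leaked pair works.
        events.append((ts, "198.51.100.7", f"user{i}@example.com", i == 17))
        # One source hammering a single account: classic brute force.
        events.append((ts, "203.0.113.9", "admin@example.com", False))
    # Legitimate user who mistyped once.
    events.append((t0, "192.0.2.44", "alice@example.com", False))
    events.append((t0 + timedelta(seconds=20), "192.0.2.44", "alice@example.com", True))
    return events

def classify_sources(events, window=timedelta(minutes=5),
                     min_failures=10, min_distinct_users=10):
    """Label sources whose failed logins exceed the (assumed) thresholds in any window."""
    by_source = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_source[ip].append((ts, user, ok))
    verdicts = {}
    for ip, rows in by_source.items():
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1
            failed = [user for _, user, ok in rows[start:end + 1] if not ok]
            if len(failed) < min_failures:
                continue
            if len(set(failed)) >= min_distinct_users:
                # Many accounts, few tries each: per-account lockout never triggers.
                verdicts[ip] = "credential_stuffing"
                break
            verdicts[ip] = "brute_force"
    return verdicts

def accounts_to_reset(events, verdicts):
    """Accounts that logged in successfully from a source flagged as stuffing."""
    return sorted({user for _, ip, user, ok in events
                   if ok and verdicts.get(ip) == "credential_stuffing"})

if __name__ == "__main__":
    sample = build_sample_events()
    found = classify_sources(sample)
    print(found, accounts_to_reset(sample, found))
```

Counting per source alone misses attempts spread across many addresses, so the same distinct-account test is worth running over other grouping keys as well.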
