18 Months, 61 Billion Credential-Stuffing Attacks


Akamai observed 61 billion credential stuffing attacks between January 2018 and June 2019, according to Computer Business Review. In a new report on Internet security, Akamai researchers say these attacks have grown more efficient and accessible due to low-cost automation tools that can evade detection.

35% of these attacks were focused on the tech, video media, and entertainment sectors. The researchers say these three industries are highly targeted because they offer a wealth of personal and corporate data.

Akamai explains that attackers have crafted applications that streamline and automate credential stuffing so that even low-skill criminals can launch these attacks. The tools include evasion capabilities that can defeat security mechanisms designed to thwart brute forcing. Some of these tools are free, and others sell for around $20.

Credential stuffing is a type of brute force attack in which an attacker tries to log into a victim’s account using millions of usernames and passwords that have been leaked in data breaches. Since most people unfortunately reuse passwords, this method is much more efficient than trying to guess every combination of characters. Computer Business Review notes that there are at least eight billion email addresses and 555 million passwords available online, and that number continues to rise with each data breach.

Credential stuffing attacks depend for their success on lax security practices. People can defend themselves by implementing two-factor authentication and using unique, complex passwords. New-school security awareness training can enable your employees to be mindful of their security posture.

Computer Business Review has the story: https://www.cbronline.com/news/credential-stuffing-attempts-akamai

Are your user’s passwords…P@ssw0rd?

Employees are the weakest link in network security, using weak passwords and falling for phishing and social engineering attacks. KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

wpt02Here's how it works:

  • Reports on the accounts that are affected
  • Tests against 10 types of weak password related threats
  • Does not show/report on the actual passwords of accounts
  • Just download the install and run it
  • Results in a few minutes!

Check Your Passwords

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews