Mass automated attacks using stolen credentials are on the rise, according to Akamai’s 2019 State of the Internet / Retail Attacks and API Traffic report, putting consumers and retailers at risk.
The bad guys are always looking for a quick path to revenue. They’ve found one in the retail industry using a combination of credential stuffing and advanced large-scale botnets designed to target 120 online retailers at once.
Data breaches that involve the theft of credentials, such as the LinkedIn breach in 2017 of 116 million accounts, can be leveraged by cybercriminals to attempt to access other online accounts, under the assumption that users use the same password across multiple accounts.
Akamai’s latest data shows an average of 115M attempts to log in to online retailer accounts every day, totaling 28 billion from May through December of 2018.
Verified compromised accounts are generally sold on the dark web, or are leveraged to take advantage of account perks, promo codes, etc. These accounts can also be used as a stepping stone for spear-phishing attacks with the compromised account’s email address as the potential victim.
While most organizations aren’t thinking of online retail as a threat vector, keep in mind that users tend to reuse passwords across both personal and work accounts, putting the organization at risk. Good password hygiene and password policies that require users to choose more complex passwords are necessary. Creating a proper security culture through Security Awareness Training is also needed, so that users understand why organizational passwords must be kept secure and unique.