You Have Not Suffered A Data Breach But How Do You Prevent Credential-Stuffing Attacks?

Frequent data breaches and the widespread availability of automated tools to take advantage of the compromised information have greatly increased the efficiency of credential stuffing attacks, according to Sumit Agarwal, COO of Shape Security and former US Deputy Assistant Secretary of Defense.

In an interview with TechRepublic, Agarwal explained that credential stuffing is the use of stolen credentials to launch automated attacks against login forms. There are billions of stolen credentials for sale on the dark web. Since most people reuse passwords, attackers have a good chance of finding another account that uses the same credentials.

Agarwal noted that all organizations can be vulnerable to credential stuffing, since they have no control over which passwords their employees use on other platforms.

“The most remarkable aspect of credential stuffing is that a given business does not have to be breached itself to suffer from credential stuffing,” Agarwal said. “The vulnerability is simply having a login form and having users.”

Agarwal said the first thing organizations need to do is realize they’re probably already facing credential stuffing attacks. They should therefore be monitoring accounts for brute forcing attacks and unusual login patterns. Organizations should also encourage their employees to use password managers rather than using the same password across many different accounts. New-school security awareness training can teach your employees about the ways they can be targeted by attackers and how to defend themselves and their organization.
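One way to approach the login monitoring described above, shown as an added example that is not from the article or from Shape Security: it separates a source that fails once against many different accounts (the credential stuffing pattern) from one that hammers a single account (brute forcing), and lists accounts that logged in successfully from a flagged source. The event format, the thresholds and the name `classify_sources` are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, login_succeeded).
# Addresses come from the reserved documentation ranges.
SAMPLE_EVENTS = (
    [("203.0.113.10", u, False)
     for u in ("alice", "bob", "carol", "dave", "erin", "frank")]
    + [("203.0.113.10", "grace", True)]        # one stuffed pair worked
    + [("198.51.100.7", "admin", False)] * 6   # repeated guesses, one account
    + [("192.0.2.44", "heidi", False), ("192.0.2.44", "heidi", True)]  # typo
)


def classify_sources(events, min_failures=5, stuffing_ratio=0.8):
    """Label each noisy source IP by the shape of its failed logins.

    credential_stuffing: failures spread over many distinct accounts
    brute_force:         failures concentrated on a few accounts
    Thresholds are illustrative assumptions; tune them on real traffic.
    """
    failures = defaultdict(list)   # ip -> usernames that failed
    successes = defaultdict(set)   # ip -> usernames that logged in
    for ip, user, ok in events:
        if ok:
            successes[ip].add(user)
        else:
            failures[ip].append(user)

    findings = {}
    for ip, users in failures.items():
        if len(users) < min_failures:
            continue  # too few failures to call it an attack
        distinct = len(set(users))
        spread = distinct / len(users)
        findings[ip] = {
            "kind": "credential_stuffing" if spread >= stuffing_ratio
                    else "brute_force",
            "failures": len(users),
            "distinct_accounts": distinct,
            # A success from a flagged source suggests a reused password.
            "accounts_to_review": sorted(successes[ip]),
        }
    return findings


if __name__ == "__main__":
    for ip, finding in classify_sources(SAMPLE_EVENTS).items():
        print(ip, finding)
```

Accounts in `accounts_to_review` are candidates for a forced password reset, since the login succeeded from a source that was otherwise cycling through other users' credentials.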

TechRepublic has the story:

Are your users’ passwords…P@ssw0rd?

Employees are the weakest link in network security, using weak passwords and falling for phishing and social engineering attacks. KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

Here's how it works:

  • Reports on the accounts that are affected
  • Tests against 10 types of weak password related threats
  • Does not show/report on the actual passwords of accounts
  • Just download the install and run it
  • Results in a few minutes!
