A new report from Akamai reveals that the financial industry has become a prime for credential stuffing botnets. The report highlights two on financial services sites. One   caused a major financial ’s login attempts to spike from an average of approximately 50,000 an hour to over 350,000 in one afternoon. The other saw a credit union attacked by three botnets at the same time, the most dangerous not being the biggest, but the one which kept up a sustained lower level over a longer period so as not to arouse suspicion.

Ryan Wilk, Vice President at NuData Security:

- yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 - Credential Stuffing Attacks Target Financial Services

“Based on what we’ve seen at NuData, 90% of attacks start with some sort of automation, credential stuffing being a prominent one. The for credential stuffing is now so affordable that this type of attack is becoming accessible for almost anyone. What this is that adversaries can automatically cycle through username and password pairs against login portals. This technique, known as credential stuffing, is a type of brute force attack whereby large sets of credentials are automatically inserted into login pages until a match with an existing account is found.

Having customers change their passwords is a temporary fix, a band-aid that doesn’t get to the root of the problem. One effective way to stop this type of attack is to implement solutions that detect this sophisticated automated activity at login and other placements. By using technologies that include behavioural biometrics, automated activity is flagged at login before it can even test any credentials in the company’s environment. At the same time, companies should stay alert for any leaked credentials of their employees or customers along with mentions of the company and brand names across cracking forums to stay on top of this trend.”

Source link
Based Blockchain Network


Please enter your comment!
Please enter your name here