Credential Stuffing – Are You Doing Enough? – Infosecurity Magazine


Credential stuffing attacks are nothing new, and are in fact one of the simplest attacks for hackers to launch. For script kiddies it can be one of the first things they try, for the thrill of seeing that they can gain access to systems, while for the more experienced, the potential of a credential stuffing attack is much greater. It can provide them with more information on an individual user linked to their finances, home life and so on, all of which can be used for fraud, to make purchases or spend credit in the account accessed, or to build a curated file on an individual that can be sold on the dark web for others to exploit.

The problem is that it doesn’t stop there. The success of a credential stuffing attack is not always measured by the hacker in the above terms. By finding a username/password combination that works, hackers will then test that combination across the world’s most popular consumer sites and services, to see whether the same credentials have been used elsewhere – and we all know how often the same password is reused. The pot of gold is gaining access to a personal email account, where the hacker can lurk, read, learn and exploit.

Remember, credential stuffing attacks are not always about gaining access. They are automated attacks where thousands of credentials might be thrown at a website and tested from multiple servers. This leads to poor performance on the website and can even take it offline, in a type of denial of service attack. Where this is the goal, no black market credentials are needed at all.

Companies that become the victim of credential stuffing attacks can equally suffer financial and reputational damage, as well as losing the confidence of customers and investors.

The ingredients of an attack

One of the reasons credential stuffing attacks are so popular, especially with new hackers, is that they are so simple, and require barely any technical expertise or flair.

The first ingredient of an attack is having sets of credentials and these are extremely easy to find and buy online. Research earlier this year from Digital Shadows found that the number of username and password credentials openly for sale on the dark web has tripled in two years to more than 15 billion. Of course, if a hacker’s goal is to cause disruption to a site, then this ingredient is optional.

The second ingredient is having a tool that can test the credentials against a website or multiple sites. There is a range of tools available, many with their own built-in scripting languages for which other hackers develop configurations and post them to the hacking community. These software tools are designed to be easy to use, have very rich functionality, and come with countless resources and manuals to help newcomers. Arguably, in some cases they are better supported and more continuously developed than commercial software.

Finally, there are proxy services, which help hackers evade detection, not only by the authorities but also by the target site, by making logon attempts appear to come from multiple locations, in the same way normal login attempts would. Lists of proxy servers are readily available online, and tools can be configured to rotate through a provided list.

Detection and testing

From an engineering standpoint there are a number of components to detecting a credential stuffing attack, and the perception is that they are difficult to test for during development. An attacker will use multiple credentials and different User-Agent Strings (UAS), and logins will be distributed over time from a range of IP addresses through proxy servers. The toolsets themselves are designed with enough technical sophistication to make sure hackers do not make obvious mistakes.

So, rather than focusing on what you don’t know, the answer is to focus on what you do know about successful logins from your customers. You understand your traffic volumes and seasonality, the UAS and IP ranges (countries, languages and browsers), and the number of user accounts that you have. This paints a picture of what is normal for your site, and that picture is key in the fight.
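As an added illustration of that baseline approach (example code, not from the article or the author), the following learns what "normal" looks like from a site's own successful logins and then scores a later window of attempts against it. The log format, the sample lines and the thresholds (three times the usual failure rate, half the attempts from unseen UAs or prefixes) are all constructed assumptions.

```python
from collections import namedtuple

# Constructed sample auth logs (not real traffic): ts,src_ip,username,result,user_agent
HISTORY_LOG = """\
1000,203.0.113.10,alice,ok,Mozilla/5.0 (Windows NT 10.0) Chrome/91
1003,203.0.113.10,alice,ok,Mozilla/5.0 (Windows NT 10.0) Chrome/91
1010,198.51.100.7,bob,fail,Mozilla/5.0 (Macintosh) Safari/14
1012,198.51.100.7,bob,ok,Mozilla/5.0 (Macintosh) Safari/14
"""
WINDOW_LOG = """\
1020,192.0.2.1,carol,fail,python-requests/2.25
1021,192.0.2.2,dave,fail,curl/7.68
1022,192.0.2.3,erin,fail,Mozilla/5.0 (X11; Linux) Firefox/89
1023,192.0.2.4,frank,fail,Mozilla/5.0 (Windows NT 6.1) Chrome/70
1024,192.0.2.5,grace,ok,python-requests/2.25
"""

# "Normal" for this site: typical failure share, plus UAs and /24 prefixes seen on successful logins
Baseline = namedtuple("Baseline", "fail_rate known_uas known_prefixes")

def parse(log):
    rows = []
    for line in log.splitlines():
        ts, ip, user, result, ua = line.split(",", 4)
        rows.append({"ts": int(ts), "ip": ip, "user": user, "ok": result == "ok", "ua": ua})
    return rows

def prefix24(ip):
    return ".".join(ip.split(".")[:3])

def learn_baseline(history, fail_rate):
    """Build the baseline from successful logins only, i.e. from what you know about your customers."""
    good = [r for r in history if r["ok"]]
    return Baseline(fail_rate, {r["ua"] for r in good}, {prefix24(r["ip"]) for r in good})

def score_window(rows, baseline, fail_factor=3.0, unseen_share=0.5):
    """Compare one window of attempts with the baseline; two or more deviations raise an alert."""
    n = len(rows)
    stats = {
        "fail_rate": sum(not r["ok"] for r in rows) / n,
        "unseen_ua_share": sum(r["ua"] not in baseline.known_uas for r in rows) / n,
        "unseen_prefix_share": sum(prefix24(r["ip"]) not in baseline.known_prefixes for r in rows) / n,
    }
    deviations = [
        stats["fail_rate"] > baseline.fail_rate * fail_factor,
        stats["unseen_ua_share"] > unseen_share,
        stats["unseen_prefix_share"] > unseen_share,
    ]
    stats["alert"] = sum(deviations) >= 2
    return stats
```

In production the baseline would be learned per time-of-day and season, as the article notes, and the window size would match the site's normal login cadence.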

Mitigation doesn’t have to mean complication

The hacker toolset is pretty impressive, there is no doubt about it, and for companies there is a whole host of security solutions available that will help make it harder for hackers to get what they want out of an attack, whether that is disruption or validated credentials.

There are also some basics that you should consider to ensure that your systems are doing all they can to mitigate the risks:

The attacks and tools that hackers use are getting more sophisticated all the time. In the same way that you may be considering the use of artificial intelligence and machine learning in parts of your business, the hackers are doing the same.

The reality is that you will need to fight fire with fire, and some of the detection methods that will be needed in the future will fall outside our own understanding; identifying those patterns and developing that understanding is the role of ML.

We need to get on top of credential stuffing as an industry. Whilst we’ve only scratched the surface of what is possible, the point is that there is a lot we can do to lower the risk of an attack happening, and to identify it quickly when it does.

Source of this news: https://www.infosecurity-magazine.com/opinions/credential-stuffing-doing-enough/

