While the success rate of a single login attempt remains low, a network of bots can attempt millions of logins per day and they are successful an estimated 0.5%-3% of the time, depending on the target. The price tag for ATO amounts to billions of dollars annually. Money, corporate reputation, and customer loyalty are all at risk and many organizations are challenged in thwarting credential stuffing attacks and automated bots because they have to balance it with ease-of-use for legitimate customers and users.
The Verizon Data Breach Incident Report (DBIR) blamed 29% of all breaches on credential stuffing. It is estimated that automated credential-stuffing attempts makes up 90% of enterprise login traffic in the US. In 2018, Akamai reported over 30 billion malicious login attempts detected by their services alone. 
The rate of account takeover started to spike in 2017 and has not declined yet. Today’s threat landscape features credential stuffing as a primary menace to every business in America: Successful credential stuffing attempts can directly lead to account takeover (ATO) and fraud. Credential Stuffing & Account Takeover (ATO) Bad actors find full credentials from the dark web or internet and then will attempt to access an account other sites where the exposed credentials may be valid. The main vulnerability is customer reuse of passwords across different accounts. This type of attack is difficult to defend against because organizations have a hard time discerning between legitimate customer usage and a bad actor gaining unauthorized access to the account. These incidents were made possible by credential stuffing-an attack methodology that utilizes stolen user names and passwords from one website, then uses them to access other web-based accounts. The attacks were invasive and the source of the attack vector is concerning. With articles coming out daily on new data breaches and leaks, perhaps you heard about the account takeover attacks at Basecamp, Dunkin Donuts, or TurboTax earlier this year. Five industries in particular are more at-risk for credential stuffing and account takeover (ATO) attacks. All industries are targets for cyber-attacks, but some are more targeted due to the value of the accounts.
0 kommentar(er)
