The rise of credential stuffing attacks globally is made possible by the tendency of customers' re-using the same credentials across different websites and attackers' easy access to stolen credential lists.
Get In Touch
This is Part 2 of a 5-part blog series.
In the previous part of this blog series, we covered an overview of Zero Trust architecture concepts. The main concept is that trust should never be assumed based on where a user is in a network. The concept of a user or device being trusted because it is inside goes away. Instead every request to access a network resource must be authenticated and authorized. For more information, please read the Part 1 Introduction post.
Credential stuffing, and the botnets behind this activity, is the primary focus of the State of the Internet Security Report, Issue 4, 2018. Credential stuffing, the use of botnets to try to login to a site with stolen or randomly created login information, isn't a new phenomenon, but it is one that is having a growing impact, especially on financial services organizations. Our latest report takes a deeper look at attacks against a two North American organizations and a brief examination of where bot traffic is being generated.
How often are organizations really looking at the history of their logins to detect long term activity against their site? Our first example highlights a credit union that was encouraged to give their logs a deeper look when a botnet made a lot of noise during a credential stuffing attack. What they originally thought was a single botnet, actually turned out to be three separate attackers. What was especially concerning about one of the botnets was the longevity of the attack and how the attacker had used a "low and slow" strategy to remain below any default alerting thresholds that a normal business might have in place.
Our second example highlights a botnet at the other end of the spectrum -- one that created so much traffic, it dwarfed normal login attempts. It was a sudden spike two to three times their normal traffic that caused this financial services company to examine the incoming login traffic. Real customers were experiencing significant login issues, which is always a guaranteed way to get attention. Unluckily, it appears that is typically the only time many organizations think about credential stuffing.
In the final section of the report, we look at who the sources and targets of botnet attacks are. Akamai saw over 8.3 billion malicious login attempts in May and June alone. The majority of this traffic is coming from the U.S. (2.82 billion attempts) and Russia (1.55 billion attempts). But because the traffic is being created by botnets, it is nearly impossible to determine where the actual attackers are, just where the compromised systems making up the botnet are.
Credential stuffing may not be a new problem, but it is a growing one. Every time the user database of a site is compromised, the list of usernames and passwords available to botnet owners grows. Earlier this year, at least one such list topped 1.4 billion records. If even a tiny percentage of these accounts are reusing their logins and passwords, it makes credential stuffing at the volumes we're seeing worth the risk to attackers. Awareness of the threat is the first step in making credential stuffing less profitable for botherders.
This introduction is Part 1 of a 5 part blog series.
Most enterprises today operate hundreds of applications that support core business practices and were developed years ago with the same assumption in mind - that anyone inside the perimeter will get single sign-on access to any application or resource with legacy authentication schemes. The people who developed these applications couldn't foresee a rapid access paradigm shift with user diversification that would come rapidly in the future, and therefore could not anticipate the requirements that technology advancements would bring to market.
Like many other security professionals, you have been reviewing your security stack, reading up on the latest security trends, and have perhaps recently attended Info-Sec, RSA, Black Hat or some other relevant conference. Along the way, you may have seen messaging for recursive DNS (rDNS) as a security layer. However, it's hard for you to believe DNS is an effective security control, as you know it is a lookup service used to translate hostnames into IP addresses. I have news for you - it truly can be an effective and highly manipulative entry point to infiltrate your users and valued data stores and unfortunately, it's very hard to detect when it is compromised! Below are some points to show why rDNS security is a unique control plane and how it is difficult to manage by traditional security mechanisms.
By Chris Wraight and Charles Choe
The U.S. back-to-school shopping period is a hectic time when parents are busy purchasing items for their children such as pencils, books, electronics and new clothes; back-to-college is just as important and is now tracked separately. According to the National Retail Foundation, the 2018 total back-to-school and back-to-college spending for K-12 schools and college is projected to reach a combined $82.8 billion (back-to-school $27.5b and back-to-college $55.3b)
Big promotional days like Black Friday and Cyber Monday that got their start in the U.S. are now major online shopping days for consumers around the world. Here are some tips for catering to global shoppers, and preparing for the surge of traffic to retail websites from all sources.
While more consumers now shop on smartphones, retailers have a lot of work to do to make mobile shopping easy. Developers must account for the wide variety of mobile hardware and software, take into account how consumers use their phones in stores and ensure easy checkout.
In our global world of business, organizations often have multiple branch offices spanning every country. Some of these branches are quite large with their own IT infrastructure and personnel, while some are very small with just a few employees. In the past, these branch offices were connected to the main office using MPLS or other connectivity in a hub-and-spoke topology. Today, however, many enterprises are adding local Internet break-outs to the branch offices to boost Internet connectivity speed. In addition, as many applications are now cloud-hosted, this provides redundancy without dependency on connectivity to the central office.
Peak shopping season is just around the corner. Is your website prepared? Some websites slow down, and others simply crash, driving users (and revenue) away. Your website needs to accommodate a multitude of devices that will be accessing it, along with the potential for malicious attacks such as Bots and DDoS.