Monday, June 27, 2022
CybersecFill
Credential Stuffing

By Cybersecfill
August 22, 2019

Image source: https://spycloud.com

What is Credential Stuffing?

Credential stuffing is a type of attack in which stolen account credentials, comprising usernames, passwords and email addresses, are used to accomplish account takeover through automated web injection.

Credential Stuffing: Why Password Reuse Is Not a Good Idea

It’s no news that the sum of money invested in cyber-security by industries across numerous verticals has skyrocketed over the past decade. Yet a sizable number of these enterprises continue to suffer cyber-attacks, mostly as a result of employees’ dereliction of their duty. Credential stuffing is one of the many techniques at the disposal of cyber threat actors, and its rise to popularity can be attributed to its simplicity and to the difficulty of detecting it with standard security controls.

The operation behind credential stuffing is utterly straightforward: threat actors take a massive collection of compromised usernames and passwords (some of which can be found for free on the dark web or obtained from a corporate mega breach) and load them into a malicious bot program, with a view to reusing them to access other online services, in the knowledge that users typically reuse credentials across multiple web applications.
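The operation described above leaves a recognisable shape in authentication logs: one source tries many different accounts, each only once or twice, and almost all attempts fail. The following is an added example, not code from the original article, that separates this pattern from single-account brute forcing; the event format, the function name `classify_sources` and all thresholds are assumptions chosen for illustration, and the log events are constructed.

```python
from collections import defaultdict

# Constructed sample login events (not real data): (source_ip, username, success)
SAMPLE_EVENTS = (
    # 203.0.113.7: many distinct accounts, one try each -> stuffing pattern
    [("203.0.113.7", f"user{i}@example.com", i == 17) for i in range(40)]
    # 198.51.100.9: one account hammered repeatedly -> classic brute force
    + [("198.51.100.9", "admin@example.com", False) for _ in range(40)]
    # 192.0.2.20: an ordinary user who mistyped once
    + [("192.0.2.20", "alice@example.com", False),
       ("192.0.2.20", "alice@example.com", True)]
)


def classify_sources(events, min_attempts=20, min_distinct_users=15,
                     max_tries_per_user=2.0, max_success_rate=0.10):
    """Label each source IP 'credential_stuffing', 'brute_force' or 'normal'."""
    # Thresholds are illustrative assumptions and need tuning per site.
    attempts = defaultdict(int)
    successes = defaultdict(int)
    users = defaultdict(set)
    for ip, username, ok in events:
        attempts[ip] += 1
        successes[ip] += bool(ok)
        users[ip].add(username.lower())

    verdicts = {}
    for ip, total in attempts.items():
        distinct = len(users[ip])
        tries_per_user = total / distinct
        success_rate = successes[ip] / total
        if total < min_attempts:
            verdicts[ip] = "normal"
        elif (distinct >= min_distinct_users
              and tries_per_user <= max_tries_per_user
              and success_rate <= max_success_rate):
            # Breadth over depth: many accounts, few tries each, mostly failing.
            verdicts[ip] = "credential_stuffing"
        elif tries_per_user > max_tries_per_user and success_rate <= max_success_rate:
            verdicts[ip] = "brute_force"
        else:
            verdicts[ip] = "normal"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_EVENTS).items():
        print(ip, verdict)
```

Bots that rotate source addresses spread their attempts below any per-IP threshold, so the same counting is usually repeated over other keys such as network range or client fingerprint. Accounts that logged in successfully from a flagged source are the ones to lock and reset first.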

Given this reality, it is important for end users to become conscious of the threat posed by credential stuffing, as it isn’t going away anytime soon. Its scope and sophistication will continue to evolve over time, as most cyber threats do.

In Akamai’s 2019 State of the Internet report, it was disclosed that the “retail sector” was a top target for credential stuffing attacks. This emerging trend in the retail industry has seen the use of “all in one bots” (AIO Bots) to perform credential stuffing. These bots bypass security controls for online retail accounts and use compromised accounts to make transactions. It’s worth mentioning that the financial sector has also had its fair share of credential stuffing attacks.

In 2018, it was reported that UK financial giant HSBC recorded a security incident which affected an undisclosed number of its customers. The bank’s data breach notification letter described an incident which fits perfectly into the narrative of a credential stuffing attack. This year, another major incident facilitated by credential stuffing was reported by Dunkin’ Donuts. Unsurprisingly, it was the second credential stuffing attack suffered by the fast food chain in three months. Although Dunkin’ Donuts successfully prevented some malicious login attempts into DD Perks accounts (Dunkin’s loyalty program), they admitted that threat actors may have successfully breached user accounts in situations where usernames and passwords had been reused on digital accounts unrelated to Dunkin’ Donuts.

In fact, it can be deduced that once set in motion, these attacks are virtually unstoppable. If the odds of successfully orchestrating credential stuffing attacks are significant, what are the chances of mitigating this fast-rising threat? At this rate, the outcome of a staged attack is largely dependent on whether or not an end user or employee has done enough to secure their account by avoiding password reuse across digital platforms.

Moreover, it’s worth mentioning that security experts have a big role to play in mitigating these threats, through relentless end user awareness and by enforcing the use of two-factor authentication across web-based applications.

For such a straightforward technique, credential stuffing can be very problematic to deal with. So the next time you want to sign up across multiple digital platforms, remember to keep your passwords unique, use two-factor authentication when provided an option, and try not to get pwned!

About Author

Oluwatobi Afolabi is a versatile, analytical and innovative Cybersecurity Analyst. I have a soft spot for Cybersecurity, tech, anime and Arsenal FC. When not in front of his laptop researching, he is either volunteering, creating meaningful content or underwater. Hope you found this interesting and enlightening! 

Want to know more about me? Find me on LinkedIn @Oluwatobiafolabi

Tags: Bing, Credential Stuffing, cyberintelligence, Data breach, Google, Yahoo
© 2020 CybersecFill. All Rights Reserved.
