A quick glance at recent reports or news headlines paints a dismal picture of the data breach landscape in 2019. Both by the measure of the number of companies compromised and the number of records accessed, breach incidents are occurring at a record-setting pace, with over four billion records exposed for misuse and abuse this year. Our widespread participation in the digital economy as consumers has made personal data a top target for cybercriminals. With the frequency of data breaches rising every year since 2011, it’s no secret that today’s hackers are exploiting valuable information for profits with shocking regularity.
Credential stuffing attacks are quickly becoming a major contributor to this trend, as they are difficult to detect and have the potential to wreak havoc for companies and consumers alike. We invite you to learn more about this cyberthreat and discover how you can protect your business, clients, and users.
Credential stuffing 101
With credential stuffing attacks, hackers apply previously stolen login credentials to other platforms in an attempt to gain access to user accounts or company networks. Today, there are billions of records available on the Dark Web, and since the majority of internet users admit to using the same usernames and passwords across multiple digital platforms, such threats can have cascading consequences.
They are also incredibly easy to perpetuate. It’s estimated that there were nearly 30 billion annual attempts to access accounts in 2018. Hackers rely on easily accessible automation tools and proxy services to orchestrate attacks at scale, positioning credential stuffing as a low effort, high reward endeavor for bad actors.
Meanwhile, IT administrators are struggling to adapt. According to a study by the Ponemon Institute, only 41% of companies feel that they have adequate visibility into credential stuffing attacks, and only 37% acknowledge that they are capable of responding quickly. Consequently, several prominent companies, including State Farm, Nest, Dunkin Donuts, and OkCupid, have all been victimized by a credential stuffing attack in recent years.
Consumer and business best practices
Although credential stuffing attacks are especially prevalent and intrusive, they are also entirely defensible. For starters, strong, unique passwords can isolate cybersecurity instances, ensuring that compromised credentials on one platform can’t be used to access other websites. When coupled with two-factor authentication, consumers can prevent unauthorized access by placing obstacles in the way of an otherwise easy-to-deploy cyber attack.
Fortunately, many platforms make it easy to develop and store complicated passwords that can keep your accounts secure. However, even the best passwords can be compromised in a data breach, and with the average detection time approaching 200 days, regularly updating these passwords can ensure that credentials always remain secure.
Businesses can do their part by requiring users to update their passwords routinely and placing parameters around the complexity of new passwords. Making the process simple, intuitive, and timely will ensure that all users are equipped to protect their accounts and implement best practices.
In today’s rapidly evolving threat landscape where breached data can quickly make its way to the dark web, companies must leverage tools that enable detection. Proactively monitoring the dark web to determine if users’ credentials have been previously compromised allows companies to stay one step ahead of the hackers. Acting on such intel can be as simple as prompting users to update their passwords before a breach even occurs.
Ultimately, cybercriminals are a malleable, ever-evolving group that will continually strive to exploit vulnerabilities in any company’s IT infrastructure. Nevertheless, with billions of records available for potential credential stuffing attacks, every organization should identify credential stuffing attacks as an imminent threat that must be prioritized.
Take action now. Schedule a meeting with us and learn how you can stop credential stuffing attacks in their tracks!