Today more of our world is digital than ever before. Everything from reading the newspaper, to checking what your friends are up to, to ordering food or even ordering some new clothes requires some kind of account. Moreover, most of these accounts are either very similar or share certain details.
Therefore, a compromise in one account could potentially put all the others at risk. Millions of account credentials circulate on the dark web today; trading them is big business, and these credentials are also used extensively in credential stuffing scripts.
Credential stuffing is a style of brute force attack in which, rather than investing a lot of time in trying different combinations of credentials, the attackers simply run lists of credentials that have worked in the past. These might be credentials from other platforms, but the fact that they were all real user credentials at some point greatly increases the success rate. This is extremely effective because people tend to reuse the same passwords, and some even use the same security questions, across different sites.
Attackers get this information from the dark web, where they can purchase credentials, sophisticated bots that bypass security controls, and various tools that help them in their crime. Some criminals even go as far as hiring cheap labor to work through challenge-response mechanisms such as CAPTCHAs, since having a person do this part of the job makes it a bit easier and faster.
Similarly, these criminals also have tools with which they can intercept multi-factor authentication messages and one-time password messages to get into an account.
Security organizations all over the world are witnessing a rise in credential stuffing attacks. In 2020 we saw nearly 200 billion such attacks, with the highest single-day count being over a billion attacks. The main aim of all these attacks was financial crime: stealing money, stealing credit card information, and stealing anything that can give the hacker a financial benefit.
For any business or individual who wants to stay safe from such attacks, here are a few things you can do.
Watch for failed logins. An attacker uses software to attack, but that software imitates the behavior of a human, and the attack is distributed across a number of proxies to disperse the access requests. If you notice a large number of failed logins in a short span of time, this can be an attack building up.
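As an added illustration of the failed-login monitoring described above (this is example code written for this page, not something from the original post), the script below buckets constructed authentication-log lines into fixed time windows and labels each window by the shape of its failures. Credential stuffing shows up as many distinct accounts, each tried only a few times, from many source addresses, whereas a classic brute force attack hammers one account. The log format, field names and thresholds are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample auth-log lines (invented for this example, not real traffic).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ip=203.0.113.5 user=alice result=FAIL
2024-05-01T10:00:03Z ip=198.51.100.7 user=bob result=FAIL
2024-05-01T10:00:04Z ip=203.0.113.9 user=carol result=FAIL
2024-05-01T10:00:06Z ip=192.0.2.14 user=dave result=FAIL
2024-05-01T10:00:07Z ip=198.51.100.22 user=erin result=FAIL
2024-05-01T10:00:09Z ip=203.0.113.5 user=frank result=FAIL
2024-05-01T10:00:11Z ip=192.0.2.31 user=grace result=FAIL
2024-05-01T10:00:12Z ip=198.51.100.7 user=heidi result=OK
2024-05-01T10:05:30Z ip=192.0.2.50 user=alice result=FAIL
2024-05-01T10:05:45Z ip=192.0.2.50 user=alice result=OK
2024-05-01T10:06:10Z ip=203.0.113.77 user=bob result=OK
"""

def parse_line(line):
    # "ts ip=.. user=.. result=.." -> dict with an aware UTC datetime under "ts"
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec

def classify(events, min_failures=5, min_users=4, min_ips=3):
    # Label one time window by how its failed logins are spread over users and IPs.
    fails = [e for e in events if e["result"] == "FAIL"]
    users = {e["user"] for e in fails}
    ips = {e["ip"] for e in fails}
    stats = {"failures": len(fails), "distinct_users": len(users), "distinct_ips": len(ips)}
    if len(fails) < min_failures:
        return "normal", stats
    # Stuffing: many different accounts, each tried a few times, from many proxies.
    if len(users) >= min_users and len(ips) >= min_ips:
        return "credential_stuffing", stats
    # Classic brute force: a single account hammered with many guesses.
    if len(users) == 1:
        return "brute_force", stats
    return "elevated_failures", stats

def analyse(log_text, window_seconds=60):
    # Bucket events into fixed windows keyed by window start; classify each bucket.
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            start = int(rec["ts"].timestamp()) // window_seconds * window_seconds
            key = datetime.fromtimestamp(start, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
            buckets[key].append(rec)
    return {key: classify(events) for key, events in sorted(buckets.items())}
```

Running `analyse(SAMPLE_LOG)` flags the 10:00 window as credential stuffing (7 failures across 7 accounts and 6 addresses) and leaves the 10:05 window, with a single typo-then-success, as normal.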
Two-factor authentication (2FA) should be a mandatory step for accounts that are deemed high risk. Even though it can be bypassed, doing so is not that easy, and it is a great way to minimize potential threats.
Admins should keep an eye on the leaked credential data that is in circulation and, if they see anything that concerns them or their organization, flag that account and set it aside for 2FA and a password reset.
Users should make use of proper password management solutions. This will allow them to create strong passwords that are actually difficult to crack and it will be a much safer store for this information than a standard browser.
Not only users but also apps need to be verified and authenticated, so you know who and what is accessing your server. This will eliminate bots and scripts and, together with 2FA, is an effective approach to filtering traffic.
Require all users to be repeatedly authenticated, authorized, and validated before they are granted access to resources. In this way the credentials loaded into a stuffing script are of no use on their own, which essentially makes the stolen data useless and makes it impossible to use credentials alone as a means of entry.