Australia is a top credential stuffing target

Australia is the fifth most targeted country in the world with credential stuffing attacks against online video and music streaming services, according to Akamai.

The content delivery network and cloud service provider’s new State of the Internet – Security special report on credential stuffing found that Australia ranked behind only the US, India, Canada and Germany as the fifth top attack destination in 2018.

Credential stuffing attacks involve using automated tools to test large numbers of stolen login details sequentially, based on the assumption that users re-use compromised passwords across multiple services.

Globally, three of the largest credential stuffing attacks against streaming service providers in 2018 — ranging in size from 133 million to 200 million attempts — took place shortly after reported data breaches.

According to Akamai, this suggests that cybercriminals are using credential stuffing techniques to test stolen login credentials before selling them.

The report also notes the existence of easily discoverable online video tutorials that run step by step through the execution of a credential stuffing attack, as well as a thriving marketplace of compromised accounts available for purchase in bulk on the dark web.

Akamai Director of Security Technology and Strategy Patrick Sullivan said the findings demonstrate how important it is that companies take steps to ensure their customers have basic cybersecurity awareness.

“Educating subscribers on the importance of using unique username and password combinations is one of the most effective measures businesses can take to mitigate credential abuse,” he said.

“The good news is that organisations are taking the threat seriously and investigating security defences.”

Image credit: ©iconimage/Dollar Photo Club

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.