Retailers top credential stuffing targets


By Dylan Bushell-Embling
Thursday, 28 February, 2019

Retailers have become the top target worldwide for credential stuffing attacks, in which bots try stolen login information across the web, according to Akamai’s latest State of the Internet – Security report.

Hackers attempted credential abuse at retail sites more than 10 billion times from May to December last year alone, the report found.

Attackers are using sophisticated all-in-one bots that allow them to target more than 120 retailers at once with stolen login credentials.

These bots are multifunction tools that often use a number of evasion techniques to avoid detection.

While the retail sector is the top target, media and entertainment properties are notable credential abuse victims as well, with attackers targeting them in an attempt to obtain the personal information registered on the sites. This type of data has high resale value on the black market.

The report also identified significant numbers of credential abuse attacks against financial services, hotel and travel, and consumer goods sites.

“The techniques change, but the motivation remains the same: greed,” commented Martin McKeay, Security Researcher and Editorial Director of the State of the Internet – Security report.

“Retailers remain on the front lines, because stolen merchandise sells quickly and at a premium. And for that reason, the data shows which merchandise is of the highest value: apparel sites are targeted the most.”

The report also identified security concerns related to the growing share of web traffic made up of API calls. Akamai research suggests that API calls represent 83% of web traffic, with the majority of traffic being for custom applications.

Because some security tools are not equipped to manage API traffic, this growth should be an important factor for security teams when considering risk.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd