Retailers top credential stuffing targets


By Dylan Bushell-Embling
Thursday, 28 February, 2019

Retailers have become the top target worldwide for credential stuffing attacks, involving the use of bots to try stolen login information across the web, according to Akamai’s latest State of the Internet – Security report.

Hackers attempted credential abuse at retail sites more than 10 billion times from May to December last year alone, the report found.

Attackers are using sophisticated all-in-one bots that allow them to target more than 120 retailers at once with stolen login credentials.

These bots are multifunction tools that often use a number of evasion techniques to avoid detection.

While the retail sector is the top target, media and entertainment properties are notable credential abuse victims as well, with attackers targeting them in an attempt to obtain the personal information registered on the sites. This type of data has high resale value on the black market.

The report also identified significant numbers of credential abuse attacks against financial services, hotel and travel, and consumer goods sites.

“The techniques change, but the motivation remains the same: greed,” commented Martin McKeay, Security Researcher and Editorial Director of the State of the Internet – Security report.

“Retailers remain on the front lines, because stolen merchandise sells quickly and at a premium. And for that reason, the data shows which merchandise is of the highest value: apparel sites are targeted the most.”

Meanwhile, the report also identified security concerns related to the growing preponderance of web traffic. Akamai research suggests that API calls represent 83% of web traffic, with the majority of traffic being for custom applications.

Because some security tools are not equipped to manage API traffic, this growth should be an important factor for security teams when considering risk.

Image credit: ©James Thew/Dollar Photo Club


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd