Credential stuffing is a cyberattack in which exposed usernames and passwords are used to gain fraudulent access to user accounts through large-scale, automated login requests. High account usage, password reuse, and vast volumes of breached credentials on the dark web create the perfect storm for cybercriminals to carry out credential stuffing campaigns, while tactics used by malicious actors make identifying and preventing credential stuffing attempts a significant challenge for organizations.
Adding to pressures is the fact that attackers purposely disguise credential stuffing to make fraudulent access attempts appear legitimate and escape detection. “Credential stuffing attacks are emulating the sorts of requests that a legitimate user would make,” Troy Hunt, security researcher and founder of data breach notification service Have I Been Pwned, tells CSO. “Attackers are asking: What does it look like to make a legitimate request? How can we emulate that? Where it starts to get really interesting is when we look at the combativeness between defenders and attackers.”
More Stories
US Government IT Staffer Arrested on Espionage Charges
Maryland resident faces possible death penalty Read More
UK Security Agency Publishes New Crypto Designs
NCSC hopes research will inform future standards Read More
Apple Patches Three Actively Exploited Zero-Days
Bugs were found by Citizen Lab and Google Read More
How To Talk To Your Kids About Identity Theft
Let’s be honest, talking to your kids about identity theft isn’t probably top of your list. There’s a long list...
Snatch ransomware – what you need to know
The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning organisations about a ransomware-as-a-service...
UK-US Confirm Agreement for Personal Data Transfers
The agreement, which represents an extension to the EU-US Data Privacy Framework, will enable the free flow of personal data...