credentials and their posting on the Dark Web. Researchers conducted a historical analysis using a sample of almost 9 billion credentials from thousands of separate data breaches, referred to as ‘Collection X’. The credentials were posted on Dark Web forums in early January 2019.
F5 compared Collection X credentials to the usernames used in credential stuffing attacks against a group of customers six months before and after the date of announcement (the first time a credential spill becomes public knowledge). Four Fortune 500 customers were studied – two banks, a retailer and a food and beverage company – representing 72 billion login transactions over 21 months. Using Shape Security technology, researchers were able to ‘trace’ stolen credentials through their theft, sale and use.
Over the course of 12 months, 2.9 billion different credentials were used across both legitimate transactions and attacks on the four websites. Nearly a third (900 million) of the credentials were compromised. The stolen credentials showed up most frequently in legitimate human transactions at the banks (35% and 25% of instances, respectively). 10% of the attacks targeted retail, with around 5% focusing on the food and beverage business.
“Credential stuffing will be a threat so long as we require users to log in to accounts online,” added Boddy. “Attackers will continue to modify their attacks to fraud protection techniques, which is creating a strong need and opportunity for adaptive, AI-powered controls related to credential stuffing and fraud. It is impossible to instantaneously detect 100% of the attacks.
What is possible is to make attacks so costly that fraudsters give up. If there is one thing that holds true across the worlds of cybercriminals and businesspeople, it is that time is money.”
Access attacks – including credential stuffing and phishing – are now the number one root cause of breaches. It is highly unlikely that security teams are winning the war against data exfiltration and fraud, so it looks as though we are seeing a previously chaotic market stabilise as it reaches greater maturity.