Interviews
Retailers common credential stuffing attack victim: report
03 Mar '19
2 min read
Hackers directed credential abuse attempts at retail sites more than 10 billion times from May to December last year, making retail the most targeted segment studied, according to the Akamai 2019 State of the Internet/Security: Retail Attacks and API Traffic report. Akamai Technologies in Cambridge is a US content delivery network and cloud service provider.
Two other pressing security concerns highlighted in the report are the preponderance of application programming interface (API)-call traffic on the Web and the apparent misrepresentation of Internet protocol version 6 (IPv6)-based traffic, according to a press release from the company.
The company studied the credential abuse technique known as credential stuffing, where hackers systematically use botnets—a network of private computers infected with malicious software and controlled as a group without the owners' knowledge—to try stolen login information across the web.
They target login pages for banks and retailers on the premise that many customers use the same login credentials for multiple services and accounts. Interest in retail is driven by the value of merchandise, which hackers acquire through compromised accounts and then frequently resell, according to the report.
The insidious all in one (AIO) bots that hackers deploy are multi-function tools that enable quick purchases by leveraging credential stuffing and a number of evasion techniques. A single AIO bot can target more than 120 retailers at once.
Within the retail industry outside of the apparel vertical, Akamai tracked credential stuffing attempts against direct commerce, department stores, office supply stores, and fashion, such as jewellery and watches. (DS)
Two other pressing security concerns highlighted in the report are the preponderance of application programming interface (API)-call traffic on the Web and the apparent misrepresentation of Internet protocol version 6 (IPv6)-based traffic, according to a press release from the company.
The company studied the credential abuse technique known as credential stuffing, where hackers systematically use botnets—a network of private computers infected with malicious software and controlled as a group without the owners' knowledge—to try stolen login information across the web.
They target login pages for banks and retailers on the premise that many customers use the same login credentials for multiple services and accounts. Interest in retail is driven by the value of merchandise, which hackers acquire through compromised accounts and then frequently resell, according to the report.
The insidious all in one (AIO) bots that hackers deploy are multi-function tools that enable quick purchases by leveraging credential stuffing and a number of evasion techniques. A single AIO bot can target more than 120 retailers at once.
Within the retail industry outside of the apparel vertical, Akamai tracked credential stuffing attempts against direct commerce, department stores, office supply stores, and fashion, such as jewellery and watches. (DS)
Fibre2Fashion News Desk – India
Popular News
Leave your Comments
Esteemed Clients
-Ltd..jpg?tr=w-120,h-60,c-at_max,cm-pad_resize,bg-ffffff "Thermore (Far East) Ltd.")
.jpg?tr=w-120,h-60,c-at_max,cm-pad_resize,bg-ffffff "Telangana State Industrial Infrastructure Corporation Limited (TSllC Ltd)")
.jpg?tr=w-120,h-60,c-at_max,cm-pad_resize,bg-ffffff "Taiwan Textile Federation (TTF)")
