Credential Stuffing Attacks on the Rise. What Can You Do?
In a recent Private Industry Notification, the U.S. Federal Bureau of Investigation warned of a rise in credential stuffing attacks on businesses. More specifically, it warned that credentials stuffing attacks “accounted for the greatest volume of security incidents against the financial sector” at 41 percent.
Moreover, the FBI warned that the consequences of credential stuffing attacks could prove disastrous; financial businesses could suffer downtime, loss of customers, and reputational damage, in addition to costs reaching as much as $6 million per year.
However, these problems don’t just affect financial businesses. An article in InfoSecurity Magazine by Karen Bowen attributed some of the largest hackers of the past year to credential stuffing; these include the Marriott Breach, the Zoom breach, and the attack on GoDaddy.
Both Bowen and the FBI note that frequent exposure of credentials stems from a few different sources. Hackers constantly upload stolen or leaked credentials to the Dark Web, which makes it easier for hackers to perform future credential attacks. Yet users also contribute to this problem by refusing to use unique passwords for all of their accounts.
Preventing Repeating Passwords to Stop Credential Stuffing Attacks
Every repeated password exponentially increases the risk of hackers stealing it and using it in future credential stuffing ploys. In fact, repeated passwords could create a cascading data breach effect, where breach follows breach as more passwords become exposed.
Fortunately, there are a few steps enterprises can take to mitigate or completely prevent credential stuffing. First, you could use a business-level password manager to encourage users to generate strong passwords without fearing forgetting or losing them.
Alternatively, you could embrace different methods of authentication as embodied by multifactor authentication. Credential stuffing doesn’t work (or at least doesn’t work as well) if biometrics, geofencing, and token-detection all play a part in authentication processes.
You can learn more in our Identity Management Buyer’s Guide.
Widget not in any sidebars
Ben Canner
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
- The Best Biometric Authentication Software to Consider in 2024 - January 8, 2024
- The Best Privileged Access Management Providers for 2024 - January 1, 2024
- The Best Identity Governance Tools and Vendors in 2024 - December 31, 2023
