Search This Blog

Showing posts with label Credential Stuffing Attacks. Show all posts

Banking Sector suffered more Credential Stuffing than DDoS Attacks


According to F5's cybersecurity agency's report published recently, the financial sector has been a victim of severe credential stuffing attacks than the DDoS attacks in the last three years. The statistics included attacks against the financial industry as a whole. It recorded attacks against the banks, credit unions, insurance companies, broker agencies, and other services like Saas (Software as a Service) and payment processors.


The report's conclusion rejects the common belief that the financial sectors suffer the most from DDoS attacks, as other prominent threat actors are emerging. Reports say that in recent times, brute force attacks, ATO (Account Takeover) attacks, credential stuffing attacks have done more considerable damage on the financial sectors than DDoS, from the year 2017-19.
The ATO attacks include:

  • Credential Stuffing- When the hackers try to attacks by using leaked usernames and passwords they find on websites. 
  • Brute Force Attacks- Hackers use very common or weak passwords from a list to carry out brute attacks. 
  • Password Spraying- Hackers use the same passwords but against many individuals. 
Similarities between Credential Stuffing and DDoS attacks 
According to F5's reports, the DDoS attacks surged in the year 2019, but these figures cant be entirely accurate. Some credential-stuffing and brute force attacks are so fast and destructive that they are sometimes mistaken for DDoS attacks. The reason for the rapid rise of credential stuffing and brute force attacks is because the availability of leaked usernames and passwords is getting shorter and shorter. Due to scarcity in leaked passwords, the hackers are trying to get as much as they can from the attacks, hence the increase. 

Banks in North America a bigger target
According to the experts, North American banks have witnessed the highest number of brute force and credential stuffing attacks because of the availability of leaked passwords and credentials of the North American users on the websites since the last decade. "The combination of a global rise in DoS attacks and an increasing focus in North America on credential-based attacks suggests some ambivalence among attackers regarding the best strategies for extracting value from financial services targets," concludes F5 in its report.

No environment is immune to cyber attacks : Research

Global cyber-security solutions provider Check Point Software Technologies Ltd, released its “Cyber Attack Trends: 2019 Mid-Year Report”, revealing that no environment is immune to cyber-attacks.

Threat actors continue to develop new tool sets and techniques, targeting corporate assets stored on cloud infrastructure, individuals’ mobile devices, trusted third-party supplier applications and even popular mail platforms:

Mobile banking: With over 50% increase in attacks when compared to 2018, banking malware has evolved to become a very common mobile threat. Today, banking malware is capable of stealing payment data, credentials and funds from victims’ bank accounts, and new versions of these malware are ready for massive distribution by anyone that’s willing to pay.

Software supply chain attacks: Threat actors are extending their attack vectors such as focusing on the supply chain. In software supply chain attacks, the threat actor typically instils a malicious code into legitimate software, by modifying and infecting one of the building blocks the software relies upon.

Email: Email scammers have started to employ various evasion techniques designed to bypass security solutions and anti-spam filters such as encoded emails, images of the message embedded in the email body, as well as complex underlying code which mixes plain text letters with HTML characters. Additional methods allowing scammers to remain under the radar of Anti-Spam filters and reaching targets’ inbox include social engineering techniques, as well as varying and personalizing email content.

Cloud: The growing popularity of public cloud environments has led to an increase in cyber-attacks targeting enormous resources and sensitive data residing within these platforms. The lack of security practices such as misconfiguration and poor management of the cloud resources, remains the most prominent threat to the cloud ecosystem in 2019, subjecting cloud assets to a wide array of attacks.

“Be it cloud, mobile or email, no environment is immune to cyber attacks. In addition, threats such as targeted Ransomware attacks, DNS attacks and Cryptominers will continue to be relevant in 2019, and security experts need to stay attuned to the latest threats and attack methods to provide their organizations with the best level of protection,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point.

42 Million Emails And Passwords Uploaded To A Free, Public Hosting Service

 

A database comprising of a collection of a total number of 42 million records was uploaded on an anonymous file hosting service kayo.moe. recently. The collection included unique email addresses and plain text passwords alongside partial credit card data.

Troy Hunt, Australian security researcher and creator of the Have I Been Pwned data breach index site, was requested to analyze and check whether it was the aftereffect of an obscure data breach. He could determine that more than 91% of the passwords in the dataset were at that point already accessible in the Have I Been Pwned collection and that the filenames in the said collection don't point to a specific source in light of the fact that there is no single example for the breaches they showed up in.

In light of the format of the data, the list are in all probability expected for credential stuffing attacks, which consolidate into a single list cracked passwords and email addresses and run them consequently against different online services to hijack the user accounts that match them.

Sample of data from lists sent to Hunt

The reason for the utilization of the credential stuffing attacks lies behind the fact that these attacks, while exploiting the users, for convenience are probably going to reuse those credentials on various other sites.

"When I pulled the email addresses out of the file, I found almost 42M unique values. I took a sample set and found about 89% of them were already in HIBP which meant there was a significant amount of data I've never seen before.” Hunter wrote on a blog post.

The database contained an overall of 755 documents totalling 1.8GB.

Users are constantly encouraged though to utilize solid as well as diverse passwords for various accounts. Continuously empower multifaceted validation.