According to a blog post by a US-based VPN provider, hackers conduct more than 87 million "credential stuffing" attacks against Americans every day.
Atlas VPN extracted data from a publicly available study summarizing research by security firms Akamai and F5. The two security firms found that credential stuffing attacks are rapidly increasing in the U.S., with 3.6 million occurring every hour.
According to Atlas VPN, the increase in credential stuffing is due to the high number of data breaches in recent years.
Credential stuffing (which accounts for 44% of financial services attacks) is when cybercriminals systematically attempt to access personal or company accounts using stolen credentials from previous data breaches involving other accounts.
The reason credential stuffing works is simple: people reuse passwords. If you use strong, unique passwords for each online account and use the best password managers or other methods to manage your passwords, credential stuffing will not be a problem.
If a credential stuffing attack is successful, the victim will not only suffer financial loss, but may also be a victim of identity theft if the hacker has access to personal information.
Between December 1, 2017 and November 30, 2018, Akamai observed approximately 64 billion credential stuffing attack attempts in the United States.
Akamai reports that countries such as India, China, Canada, the United Kingdom, Brazil, the United Arab Emirates, Australia, Italy, and Switzerland received only 16.9 billion credential stuffing attacks in total during this period.
This represents only 26.4% of the total number in the U.S. Atlas VPN attributes this discrepancy to the greater number of records leaked in the U.S.
Rachel Welch, COO of Atlas VPN, said: " Individuals who want to protect themselves from credential stuffing attacks should set up two-factor authentication [2FA] whenever possible"
.
"When hackers discuss credential stuffing attacks on the dark web, they often complain that two-factor authentication is the biggest obstacle to a successful cyber attack."
That is true, and we recommend turning on 2FA whenever possible because it helps protect your account from several different types of attacks. However, it is even easier to not reuse passwords, which can stop credential stuffing altogether.
Atlas VPN also notes a report from security firm Recorded Future and an article on the Help Net Security website.
These sources include research showing that online criminals often require automated credential checkers ($150) and network proxies ($250 per week) to carry out these attacks, as well as cybercriminals hacking eBay, Amazon, PayPal accounts for as little as $3.50, $2, and $1, respectively, on the dark web.
Comments