Research: majority of Australia’s top 250 websites can’t detect bot attacks

Thursday 18 April 2019 10:27 CET | News

Most organisations can’t spot automated credential stuffing attacks, according to security company Kasada.

The company’s research shows that 86% of Australia’s top 250 websites can’t tell the difference between a human using a web browser and a bot running a script, leaving them vulnerable to credential stuffing attacks.

Researchers focused on the industries most often targeted by bot attacks, such as retail, property, wagering, finance, airlines, utilities, and health insurance. The researchers loaded the sites’ login pages using automation tools, and the results showed that 90% of the websites failed to detect those automated logins.

Also, 86% of the tested websites failed to detect differences between the types of scripts injected or tools used. Credential stuffing is the one kind of attack where it is easier for the bad guys to build a return on investment, encouraging them to spend money to evade detection, Kasada’s lead field engineer added.

Keywords: credential stuffing attacks, bot attacks, login sessions, ecommerce, Kasada, Australia, scripts, automated tools
Countries: World