The company’s research shows that 86% of Australia’s top 250 websites can’t tell the difference between a human using a web browser and a bot running a script, leaving them vulnerable to credential stuffing attacks.
Researchers focused on the industries most often targeted by bot attacks, such as retail, property, wagering, finance, airlines, utilities, and health insurance. The researchers loaded the sites’ login pages using automation tools, and the results showed that 90% of the websites failed to detect those automated logins.
Also, 86% of the tested websites failed to detect differences between the types of scripts injected or tools used. Credential stuffing is the one kind of attack where it is easier for the bad guys to build a return on investment, encouraging them to spend money to evade detection, Kasada’s lead field engineer added.