Retail sector the top target for credential stuffing attacks

Friday 1 March 2019 04:56 CET | News

An Akamai report has revealed that retailers are a favourite target of cybercriminals looking to cash in through easy, automated credential stuffing attacks.

PoS malware has been and still is a common way to infiltrate retail systems and steal valuable credit card data. Credential stuffing attacks are automated and make use of lists of stolen data -- such as financial or online service credentials -- to send barrages of user authentication requests without the need for human interaction.

Given the huge stolen data sets now available, cybercriminals are now taking advantage of these caches with the help of what is known as All-in-One (AIO) bots. Akamai says that AIO bots, which are capable of deploying multi-functional tools including credential stuffers, have found particular value to criminals when it comes to product purchases.

An emerging trend is the use of these bots to perform credential stuffing attacks, successfully compromise online retail accounts, make purchases, and then allow operators to resell these fraudulently-purchased items for a profit. According to the Akamais 2019 State of the Internet report, AIO bots are capable of targeting up to 120 retailers at once.

Clothing websites are most often targeted, followed by department stores, office merchandise suppliers, and accessory retailers. In addition, the media, entertainment, and banking sectors are all common victims of these types of attacks.

Over a period of eight months in 2018, Akamai detected 27,985,920,324 credential abuse attempts, with the majority of attacks stemming from the United States, followed by Russia, Canada, Brazil, and India. On average, this equates to 115 million user account compromise attempts every day.

In total, 10 billion of these attempts were focused on retail targets, spurred on by the general pattern that individuals often reuse their account credentials across different online services.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: retail, fraud, credential stuffing, report, cybercrime, Akamai
Countries: World