Complete Story
 

10/25/2021

The Anatomy Of A Credential Stuffing Attack

informationsecuritybuzz.com

While data breaches might be a heist best left to the experts, credential stuffing is a poor-man’s sport. And it’s a pretty popular game. In a 2020 report, RSA recognized it as “gaining tremendous momentum” and cited the then-recent breaches (Marriott, Capital One, Equifax) as providing the fodder used in those attacks – your usernames and passwords. Credential Stuffing Attacks (CSAs) complete the cycle, really. What good is a data breach if you don’t utilize the data? Credential stuffing uses (and overuses) the contraband credentials to try to access other accounts of yours – assuming you use the same password.

Called “the most popular way to obtain compromised credentials for account takeover,” CSAs are ubiquitous enough to require you to take action or eventually risk being a victim. Coming in all varieties, CSA entrepreneurs have their specialties – some to take over accounts, other to steal data, but their attacks are non-discriminating. So, at the risk of making this an effective “how-to” manual for rookie threat actors, let’s delve into the basics of what constitutes the increasingly popular credential stuffing attack – and how to avoid it.

Read more...

Printer-Friendly Version


Resources

Alerts

The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.

more information
Resources

Resources

Your electronic library to help in fighting financial fraud for all of our partners.

more information