How Credential Stuffing Is Evolving
- by nlqip
Credential stuffing sounds simple: attackers test stolen usernames and passwords across sites to see what works. After the hype and complexity of vulnerabilities like Heartbleed and Spectre, password reuse seems easy to dismiss. This has caused credential stuffing to become the most underrated attack of the 2010s and it hints at the future of application level attacks.
This class of attacks remained largely unchanged for years. There was no reason to change, they weren’t blocked. As adversity increased, attackers started to iterate faster, now bypassing defenses in a matter of months or even weeks. Dozens of companies, large and small, have tried to block credential stuffing attacks. Not a single, widely deployable defense – nothing – has seen lasting success without needing to evolve at the same speed.
Attackers aren’t leaving, the return on investment is just too high.
Read the full article published June 17, 2020 here: https://www.informationsecuritybuzz.com/articles/how-credential-stuffing-is-evolving/ by InformationSecurityBuzz.
Source link
lol
Credential stuffing sounds simple: attackers test stolen usernames and passwords across sites to see what works. After the hype and complexity of vulnerabilities like Heartbleed and Spectre, password reuse seems easy to dismiss. This has caused credential stuffing to become the most underrated attack of the 2010s and it hints at the future of application…
Recent Posts
- Leveraging Wazuh for Zero Trust security
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
- Hackers Strike at Heart of Italian Government
- The Rise of Ransomware-as-a-Service and Decline of Custom Tool Development | BlackFog
- Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks