This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
10/25/2021
The Anatomy Of A Credential Stuffing Attack
informationsecuritybuzz.com
While data breaches might be a heist best left to the experts, credential stuffing is a poor-man’s sport. And it’s a pretty popular game. In a 2020 report, RSA recognized it as “gaining tremendous momentum” and cited the then-recent breaches (Marriott, Capital One, Equifax) as providing the fodder used in those attacks – your usernames and passwords. Credential Stuffing Attacks (CSAs) complete the cycle, really. What good is a data breach if you don’t utilize the data? Credential stuffing uses (and overuses) the contraband credentials to try to access other accounts of yours – assuming you use the same password.
Called “the most popular way to obtain compromised credentials for account takeover,” CSAs are ubiquitous enough to require you to take action or eventually risk being a victim. Coming in all varieties, CSA entrepreneurs have their specialties – some to take over accounts, other to steal data, but their attacks are non-discriminating. So, at the risk of making this an effective “how-to” manual for rookie threat actors, let’s delve into the basics of what constitutes the increasingly popular credential stuffing attack – and how to avoid it.
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more information
Resources
Your electronic library to help in fighting financial fraud for all of our partners.
more information