View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 19, 2018updated 08 Jul 2022 7:30am

Bots Using Credential Stuffing to Launch Billions of Attacks

“One of the world’s largest financial services companies was experiencing over 8,000 account takeovers per month"

By CBR Staff Writer

May to June this year saw a 30 percent increase in worldwide malicious login attempts. This amounts to 8.3 billion login threat actions by bots over that time period.

This is according to US-based content delivery network and cloud service provider Akamai’s 2018 State of the Internet report, that discovered more than 30 billion malicious login attempts over an eight month period.

A key concern highlighted in the report is the rise of credential stuffing, a process that involves threat actors who have already obtained the login credentials of users from a previous attack or a simple purchase on the dark web. These stolen credentials are then used in attempts to login into other websites and accounts.

Credential stuffing is made possible due to the fact that many online users still erroneously have the same login details across multiple websites. Once a threat actor has the key to one, they have the key to all. The issue is finding what other accounts are using the same login details. So the simple solution is to automated the process and send in the bots.

Martin McKeay senior security advocate at Akamai commented in the report that: “Every business is impacted by credential stuffing botnets. Many businesses just see the traffic because of scatter shot scans, but financial services and retail sites are prime targets. Account takeover is profitable for attackers, guaranteeing that it will be a threat for the foreseeable future.”

Malicious Login Attempts Cases

As part of their research Akamai looked at a financial service institution in the Fortune 500 which saw its average login attempts jump from 50,000 in an hour to over 350,000.

The report points out that the company was: “Accustomed to having time-related peaks and valleys, but the difference between a daily peak of 100,000 logins per hour and tripling that when traffic should be declining was hard to miss.”

See Also: Top 10 Malware Families in 2018: Botnet Analysis

The institution would have an average seven million legitimate logins over a six day period; in sharp contrast the botnet credential stuffing campaign generated over 8.5 million malicious login attempts. With a significant number of these condensed within a 48 hour period.

Content from our partners
Why all businesses must democratise data analytics
How start-ups can take the next step towards scaling up
Unlocking the value of artificial intelligence and machine learning

While the traffic generate in this attack was from global sources, nearly a third of it originated from the United States and Vietnam.

In that attack a single host created nearly 37,000 malicious login attempts over a 48 hour time frame while the botnet was active, this accounted for .7 percent of the traffic.

The report notes that: “While the percentage may not make this seem significant, if all 20,000 nodes of the botnet generated a similar 13 requests per minute, instead of the average of one request per minute, the botnet would have been a crippling attack from the target’s point of view.”

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy