BELLEVUE, Wash., Nov 19 (Bernama-GLOBE NEWSWIRE) -- Auth0, the identity platform for application builders, today revealed data insights showing the staggering amount of credential stuffing attacks attempted on its platform on a daily basis. Auth0 detects attacks from more than 50,000 unique IP addresses every day, reflecting the growing sophistication and frequency of cybercrime. Credential stuffing attempts are constantly multiplying, with absolutely no slowdown in sight.
The sheer number of attempts is due largely to the ease and inexpensive manner in which credential stuffing attacks can be orchestrated. Getting access to breached passwords is the first step for attackers, and unfortunately, there are billions openly available on the internet. Auth0’s database contains more than one billion breached email/password combinations which are used for its Breached Password Detection feature, the first line of defense against credential stuffing. Breached credentials, in combination with 65% of people reusing passwords across accounts (Google), enables hackers to architect botnets – networks of exploited devices – to direct large-scale attacks in a coordinated manner.
Whereas targeted attacks have a specific and designated entry in mind, large-scale attacks like credential stuffing are automated and intended to attack as many entry points as possible. There is also a proliferation of ‘botnets-for-hire’ where services are traded among hackers, even rented for nominal fees for use in widespread attacks. And their destruction can oftentimes go unnoticed because these botnets steal insignificant amounts of money from services (like Spotify or Netflix) that actually add up to billions of dollars every year.
http://mrem.bernama.com/viewsm.php?idm=36169