Avast Blog_ViewPoints: Twin terrors: The rising threat of credential stuffing and acc

[harlan4096]

Darknet tandem takes full advantage of Big Data, high-velocity software, and automation

A pair of malicious activities have become a stunning example of digital transformation – unfortunately on the darknet.

Credential stuffing and account takeovers – which take full advantage of Big Data, high-velocity software, and automation – inundated the internet in massive surges in 2018 and the first half of 2019, according to multiple reports.

Credential stuffing is one of the simplest cybercriminal exploits, a favorite among hackers. Using this technique, the criminal collects your leaked credentials (usually stolen in a data breach) and then applies them to a host of other accounts, hoping they unlock more. If you’re like the majority of users out there, you reuse credentials. Hackers count on it.

A new breed of credential stuffing software programs allows people with little to no computer skills to check the log-in credentials of millions of users against hundreds of websites and online services such as Netflix and Spotify in a matter of minutes. The sophistication level of these cyberthreats is increasing, and there’s an ominous consensus gelling in the cybersecurity community that the worst is yet to come.

“We’ve observed significant growth in credential stuffing and account takeovers for several years. It’s hard to see a short-term change that would slow attempts by attackers,” Patrick Sullivan, Akamai’s senior director of security strategy, told me. “Significant changes to authentication models may be required to alter the growth trajectory of these attacks.”

In terms of wreaking havoc, credential stuffing and account takeovers are just getting warmed up. Here are a few important things everyone should understand about these twin emerging threats.

New way to buy and sell

In late 2014 and early 2015, dark web storefronts suddenly caught fire. New e-commerce platforms, modeled on the merchant services of eBay and Amazon, started to gain serious traction in the cyber underground.

Almost overnight, the old ways of darknet commerce, in which buyers and sellers negotiated and executed deals on a peer-to-peer basis, became obsolete. A Recorded Future report describes what unfolded: “With the advent of automated shops, the need for manual engagement was eliminated and the business of compromised accounts fully transitioned from peer-to-peer dealings to a much more democratized, open-to-everyone enterprise.” In short, the new dark web storefronts enabled criminal business models to form.

Enter bots and botnets. A bot is a computing nodule with a small bit of coding that causes it to obey instructions from a command-and-control server. A botnet is a network of thousands upon thousands of bots under control of an attacker.

Botnets factored into the plundering of personal data from the likes of Capital One, Marriott and Equifax. In prior years, marquee financial institutions, healthcare firms, media companies, tech giants and government agencies likewise disclosed major data breaches aided and abetted by botnets.

Thanks to botnets, if you’ve ever patronized any of the hacked enterprises, your personal data, including your favorite usernames and passwords, have probably been stolen several times over. Rapid 7 estimates that there are upwards of 1.5 billion stolen username and password pairs circulating in the darknet.

Threat actors are always innovating fresh ways to monetize stolen usernames and passwords. So when the new storefronts came along, automation and scaling up of the distribution of account credentials quickly followed.

What emerged was a full-blown ecosystem to support the monetizing of stolen credentials.
...

Continue Reading