Guest blog: Trillion founder Jon Inns explains Credential Stuffing

July 18, 2022 | Brigantia, Cybersecurity

Written by Jon Inns

Credential stuffing attacks are nothing new, and they are among the simplest for hackers to launch.  

Credential stuffing is a type of cyberattack in which stolen account credentials - lists of usernames or email addresses and their corresponding passwords - are used to gain unauthorised access to user accounts via large-scale automated login requests. For 'script kiddies', it may be one of the first things they try, for the thrill of gaining access to systems. For more experienced attackers the potential is much greater: a successful login can yield more information on an individual user, linked to their finances, home life and so on, all of which can be used for fraud, for making purchases or spending credit in the account accessed, or for building a curated file on an individual that can be sold on the dark web for others to exploit.

The problem is that it does not end there. Hackers do not always measure the success of a credential stuffing attack in the terms above. After discovering a working username/password combination, they will test that combination across the world's most popular consumer sites and services to see whether the same credentials have been used elsewhere - and we all know how frequently the same password is reused. Gaining access to a personal email account allows the hacker to lurk, read, learn, and exploit.

Keep in mind that credential stuffing attacks aren't always about gaining access. They are automated attacks in which thousands of credentials are thrown at a website, tested from many different servers. The load alone causes poor website performance and can even take the site offline in a denial of service attack. Where this is the goal, no black market credentials are required.
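Detection logic like the following, added here as an illustration and not part of the original post or of Trillion's product, shows how the two patterns described above look in a site's own authentication logs: one source trying many distinct accounts with a high failure rate, and the same pattern spread thinly across many sources so that no single address looks noisy. The log line format, the addresses, the usernames and the thresholds are all constructed for this example; a real deployment would map its own log fields and tune the thresholds to its traffic.

```python
"""Spotting credential stuffing bursts in authentication logs (constructed example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format, one line per login attempt. Real systems differ.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None so junk lines are skipped."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "ip": m["ip"], "user": m["user"], "ok": m["result"] == "OK"}


def _sliding_windows(evs, window):
    """Yield each slice of the time-sorted events that spans at most `window`."""
    start = 0
    for end in range(len(evs)):
        while evs[end]["ts"] - evs[start]["ts"] > window:
            start += 1
        yield evs[start:end + 1]


def _summarise(win):
    fails = sum(1 for e in win if not e["ok"])
    return {
        "attempts": len(win),
        "distinct_users": len({e["user"] for e in win}),
        "distinct_ips": len({e["ip"] for e in win}),
        "fail_ratio": round(fails / len(win), 2),
        # Successful logins inside a stuffing burst are the credentials that
        # worked: those accounts need a forced reset and a session revoke.
        "hits": sorted(e["user"] for e in win if e["ok"]),
    }


def _best_window(evs, window, predicate):
    """Largest window (by attempts) whose summary satisfies the predicate."""
    best = None
    for win in _sliding_windows(evs, window):
        s = _summarise(win)
        if predicate(s) and (best is None or s["attempts"] > best["attempts"]):
            best = s
    return best


def detect_per_ip(events, window=timedelta(minutes=5), min_attempts=20,
                  min_users=10, min_fail_ratio=0.8):
    """One source, many distinct accounts, mostly failing. A genuine user who
    mistypes a password fails a few times on ONE account, so the distinct-user
    threshold keeps them out of the result."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        s = _best_window(evs, window, lambda m: m["attempts"] >= min_attempts
                         and m["distinct_users"] >= min_users
                         and m["fail_ratio"] >= min_fail_ratio)
        if s:
            flagged[ip] = s
    return flagged


def detect_distributed(events, window=timedelta(minutes=5), min_attempts=20,
                       min_users=15, min_ips=5, min_fail_ratio=0.8):
    """The same pattern spread over many sources so each stays under the
    per-IP threshold; only the site-wide aggregate reveals the burst."""
    return _best_window(events, window, lambda m: m["attempts"] >= min_attempts
                        and m["distinct_users"] >= min_users
                        and m["distinct_ips"] >= min_ips
                        and m["fail_ratio"] >= min_fail_ratio)


def analyse(lines):
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    per_ip = detect_per_ip(events)
    # Sources already flagged are dropped before the aggregate pass so one loud
    # source neither masks nor masquerades as a distributed campaign.
    remaining = [e for e in events if e["ip"] not in per_ip]
    return {"per_ip": per_ip, "distributed": detect_distributed(remaining)}


def build_sample_log():
    """Constructed log: a genuine user, one noisy source, one distributed burst."""
    t0 = datetime(2022, 7, 18, 10, 0, 0)
    lines = []

    def emit(offset, ip, user, ok):
        ts = (t0 + timedelta(seconds=offset)).strftime("%Y-%m-%dT%H:%M:%SZ")
        lines.append(f"{ts} ip={ip} user={user} result={'OK' if ok else 'FAIL'}")

    for off, ok in ((0, False), (15, False), (30, True)):  # alice mistypes twice
        emit(off, "198.51.100.5", "alice@example.com", ok)
    for i in range(25):  # 25 different accounts in 48 s from one address, two hits
        emit(100 + 2 * i, "203.0.113.10", f"user{i:03d}@example.com", i in (7, 19))
    for j in range(10):  # 10 addresses, 3 accounts each, all under the per-IP bar
        for k in range(3):
            emit(400 + 3 * j + k, f"203.0.113.{20 + j}",
                 f"acct{3 * j + k:03d}@example.com", False)
    return lines


if __name__ == "__main__":
    for key, value in analyse(build_sample_log()).items():
        print(key, value)
```

On the constructed log the per-IP pass flags only 203.0.113.10 and reports the two accounts whose credentials worked, while the aggregate pass catches the ten quiet addresses that individually never cross the per-IP thresholds. The `hits` list is the actionable output: those are the reused credentials the attacker has now confirmed, and the accounts to reset first.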

Companies that are victims of credential stuffing attacks may suffer financial and reputational harm, as well as lose customer and investor trust.

Where does Trillion fit in?

In a nutshell, Trillion is a breached account dark web mining service that enables any organisation to identify potential threats on the dark web and provides the tools to combat them. Monitoring web and login traffic, using tools like CAPTCHA, or even penetration testing are often insufficient on their own to ensure risk is minimised.

With Trillion's visibility, an organisation can begin to understand their threat landscape and the remediation steps needed to render stolen data credentials useless to hackers. Data breaches occur on a daily basis, and a simple 'point-in-time' report will not suffice in the long run, which is why Trillion continuously tracks, correlates, and analyses billions of stolen usernames and passwords in search of digital identities. Having constant visibility of stolen credentials available on the dark web is critical to reducing security risk.

The attacks and tools that hackers use are becoming increasingly sophisticated. As an industry, we must combat credential stuffing. While we have only scratched the surface of what is possible, the point is that there is a lot we can do to reduce the likelihood of an attack occurring and to detect it quickly if it does occur.

To learn more about Trillion’s capabilities, please contact us to schedule a demo with one of our Product Specialists or use the link below.

Book a Trillion demo now
