Friday, 29 November 2019

Auth0: 50,000 unique IP addresses make credential stuffing attempts daily

KUALA LUMPUR, Nov 19 -- Auth0, the identity platform for application builders has revealed data insights showing the staggering amount of credential stuffing attacks attempted on its platform on a daily basis.

It detected attacks from more than 50,000 unique IP addresses every day, reflecting the growing sophistication and frequency of cybercrime, while credential stuffing attempts are constantly multiplying, with absolutely no slowdown in sight, according to a statement.

The sheer number of attempts is due largely to the ease and inexpensive manner in which credential stuffing attacks can be orchestrated. Getting access to breached passwords is the first step for attackers, and unfortunately, there are billions openly available on the Internet.

Between July and September 2019 alone, Auth0 determined that during a credential stuffing attack, traffic for a particular website might surge as much as 180x the usual volume, with traffic related to the attack itself accounting for 70 per cent of overall activity.

“Breached Password Detection and MFA functionality are the critical barriers for preventing credential stuffing attacks. We are continuously improving our features to detect and prevent, and will be rolling out new functionality to have even greater visibility into attacks,” said Auth0 CTO and co-founder, Matias Woloski.

Breached Password Detection with its internal database of more than one billion breached passwords, enables customers to block user accounts that try to login with compromised information and only grants access when the password has been reset.

Meanwhile, Multifactor Authentication (MFA) prevents account takeovers, whether from a credential stuffing attack or something else. Attackers would need to access not only a set of breached credentials used across accounts, but also the device used for the second factor to compromise an MFA-protected account.

More information at https://auth0.com.

-- BERNAMA

No comments:

Post a Comment