Credential abuse and botnets abusing retailer inventories are a rising problem that needs attention. On average, organizations report experiencing 12.7 credential stuffing attempts each month, with each attempt targeting 1,252 accounts. We detected nearly 28 billion credential stuffing attempts between May and December 2018. Within the retail industry, the apparel vertical experienced 3.7 billion attempts on its own, making it the largest targeted industry during the same timeframe. So why is retail, as well as apparel, such a hot target? Short answer? Money.

WHY IT MATTERS: I find the number just huge and thus a cause for concern in the design of my systems, strategies and recommendations to my clients. I also include the definition of credential stuffing because 1) I did not know and 2) it shines a light on the power of having a global CDN network to perform those analyses…

2019 report: https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/soti-security-media-under-assault-report-2019.pdf

Credential abuse attempts were identified as unsuccessful login attempts for accounts using an email address as a username. In order to identify abuse attempts, as opposed to real users who can’t type, two different algorithms are used. The first is a simple volumetric rule that counts the number of login errors to a specific address. This differs from what a single organization might be able to detect because Akamai is correlating data across hundreds of organizations.
The second algorithm uses data from our bot detection services to identify credential abuse from known botnets and tools. A well-configured botnet can avoid volumetric detection by spreading its traffic amongst many targets, by using a large number of systems in its scan, or spreading the traffic out over time, just to mention a few countermeasures.
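
The volumetric rule described above, as an added example (not Akamai's code): it counts failed logins per email address in a sliding window and compares what a single organization sees with the cross-organization view. The events, organization names, threshold of 5 and 15-minute window are constructed assumptions, not values from the report.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed failed-login events: (timestamp, organization, email used as username)
def _ev(minute, org, email):
    return (datetime(2018, 5, 1, 12, 0) + timedelta(minutes=minute), org, email)

EVENTS = (
    # alice is tried twice at each of three organizations within ten minutes
    [_ev(m, org, "alice@example.com")
     for m, org in [(0, "shop-a"), (1, "shop-a"), (3, "shop-b"),
                    (4, "shop-b"), (7, "shop-c"), (8, "shop-c")]]
    # bob mistypes his own password twice at one shop
    + [_ev(2, "shop-a", "bob@example.com"), _ev(3, "shop-a", "bob@example.com")]
    # spread-out traffic: one failure each against 20 different addresses
    + [_ev(i, "shop-b", f"user{i}@example.com") for i in range(20)]
)

def flag_addresses(events, threshold, window, per_org=False):
    """Return keys whose failed logins reach `threshold` within `window`.

    The key is the email address (cross-organization view), or
    (org, email) when per_org=True (what one organization can see).
    """
    by_key = defaultdict(list)
    for ts, org, email in events:
        by_key[(org, email) if per_org else email].append(ts)
    flagged = set()
    for key, stamps in by_key.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            # advance the left edge until the span fits inside `window`
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(key)
                break
    return flagged

WINDOW = timedelta(minutes=15)  # assumed value
single_org = flag_addresses(EVENTS, threshold=5, window=WINDOW, per_org=True)
cross_org = flag_addresses(EVENTS, threshold=5, window=WINDOW)

if __name__ == "__main__":
    print("flagged by any single organization:", single_org)
    print("flagged with cross-organization data:", cross_org)
```

The 20 single-failure addresses stay under the threshold in both views, which is the spread-out traffic the second, bot-detection-based algorithm is there to catch.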

