A credential stuffing attack takes a large set of stolen credentials from previous breaches and uses it to try to breach accounts. The attack targets users by using automated tools to “stuff” a list of stolen usernames and passwords into login pages at multiple websites, often in seconds. Attackers can use these compromised credentials to infiltrate accounts, pilfer personal and financial information, and disseminate malware or ransomware.
Stolen credentials are easily obtained from a range of sources, including data breaches and hacker forums. In addition, most people reuse the same passwords for multiple accounts, creating a high likelihood that the same login credentials will work at various websites. For these reasons, cybercriminals can launch a credential stuffing attack with little effort and low risk.
Spotting the Intruder: How to Detect Credential Stuffing Attacks Before They Impact Your Business
As a subset of brute force attacks, credential stuffing leverages bots and intelligent automation tools to test stolen passwords against numerous sites simultaneously. This can cause web servers to become overloaded with login attempts, resulting in slow site performance or even complete site outages.
One of the most devastating aspects of this type of attack is that it can lead to lateral movement, in which an attacker exploits compromised credentials to move across the network and gain further access. For example, the 2021 attack on domain name registrar RIPE NCC used stolen credentials to gain entry into SSO and a web application.
The good news is that these types of attacks are preventable. Businesses can stop this threat by requiring 2FA/MFA, encrypting sensitive data, and implementing anomaly detection technologies. Proofpoint’s data loss prevention (DLP) solutions can also help detect unauthorized credential stuffing by monitoring the movement of PII and sensitive files in your organization’s cloud, endpoint, and web channels.
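The anomaly detection mentioned above can start from the login log itself. The following is an added example, not code from the original article or from any vendor: it flags a source IP that tries many distinct usernames, mostly failing, inside a short window, which separates stuffing from a single user mistyping a password and from a busy shared office address. The log format, the function names and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: timestamp, source IP, username, result.
# IPs come from documentation ranges (RFC 5737); every value is made up.
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 alice FAIL
2024-05-01T10:00:02 203.0.113.7 bob FAIL
2024-05-01T10:00:02 198.51.100.20 carol FAIL
2024-05-01T10:00:03 203.0.113.7 dave FAIL
2024-05-01T10:00:04 203.0.113.7 erin OK
2024-05-01T10:00:05 203.0.113.7 frank FAIL
2024-05-01T10:00:15 198.51.100.20 carol OK
2024-05-01T10:00:20 198.51.100.33 heidi OK
2024-05-01T10:00:21 198.51.100.33 ivan OK
2024-05-01T10:00:22 198.51.100.33 judy OK
2024-05-01T10:00:23 198.51.100.33 mallory FAIL
2024-05-01T10:00:24 198.51.100.33 niaj OK
"""

def parse(log):
    """Yield (time, ip, user, ok) tuples from whitespace-separated lines."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_stuffing(events, window=timedelta(seconds=60),
                    min_users=5, min_fail_ratio=0.7):
    """Flag IPs that try many distinct usernames, mostly failing, in one window."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end, (t, _, _, _) in enumerate(evs):
            while t - evs[start][0] > window:   # slide the window forward
                start += 1
            chunk = evs[start:end + 1]
            users = {e[2] for e in chunk}
            fails = sum(not e[3] for e in chunk)
            if len(users) >= min_users and fails / len(chunk) >= min_fail_ratio:
                # Successful logins inside the burst are likely compromised accounts.
                hits = sorted({e[2] for e in chunk if e[3]})
                flagged[ip] = {"users": len(users), "fails": fails, "hits": hits}
    return flagged

if __name__ == "__main__":
    print(detect_stuffing(parse(SAMPLE_LOG)))
```

The `hits` list is the part to act on first: those accounts logged in successfully during the burst and are candidates for a forced password reset and session revocation.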