Credential stuffing cyberattacks involve cybercriminals using stolen usernames and passwords in an attempt to gain access to additional accounts and systems. For example, a cybercriminal could obtain a target's username and password for a social media account and use the same credentials to try to access the victim's other systems (such as email accounts, banking applications, or workplace networks). From there, the cybercriminal can steal sensitive data stored in these systems and even use this information to engage in other malicious acts, such as illegal money transfers.
These cyberattacks operate under the assumption that individuals often use the same login credentials in different systems, allowing a cybercriminal to use a single combination of username and password to compromise multiple accounts. According to surveys by software company NortonLifeLock, more than half (52%) of individuals repeat usernames and passwords among their systems, making them increasingly vulnerable to credential stuffing incidents.
In addition to jeopardizing individuals' accounts, these cyberattacks can also have significant consequences for companies. In fact, the Ponemon Institute recently reported that companies lose an average of $6 million each year due to application shutdowns, lost customers, and increased IT costs. In addition, these cyberattacks are increasing. According to surveys by the software company Arkose Labs, more than 2.8 billion credential stuffing incidents occurred in 2021, which corresponds to an increase of 98% from 2020. As such, it is important for companies to take measures to protect themselves against these cyberattacks.
How Credential Stuffing Cyberattacks Work
A credential stuffing cyberattack usually occurs in four main phases. Here is a breakdown of these phases:
- Get login credentials – First, a cybercriminal will compile a list of stolen usernames and passwords from a number of victims. The cybercriminal can get this login information in various ways, for example by using phishing scams or buying it on the dark web. According to a recent survey conducted by the security company Digital Shadows, there are more than 15 billion stolen usernames and passwords circulating on the Internet resulting from almost 10,000 data breaches.
- Configure a botnet – Then the cybercriminal will load the list of stolen login information into a network of bots, also called a botnet. A botnet is a collection of devices that are infected with malware in order to be controlled by a single party and exploited in cyberattacks. The cybercriminal will use the botnet to test the stolen usernames and passwords against several websites and systems at the same time, to search for possible matches.
- Identify successful login attempts – After using the botnet to test stolen usernames and passwords, the cybercriminal will record all successful login attempts and review the accounts or systems they have accessed.
- Compromise accounts, systems and data – Finally, cybercriminals will use their unauthorized access to victims' accounts and systems to engage in a variety of malicious activities. These activities may include changing account settings, taking over systems, revealing sensitive information, making fraudulent purchases, transferring money or carrying out further cyberattacks.
Why Credential Stuffing Cyberattacks Are Increasing
In recent years, credential stuffing cyberattacks have become a growing problem, increasing in both cost and frequency. There are several reasons behind this trend, including the following:
- Greater access to credentials – An increasing number of login details have been revealed online in recent years, largely due to an increase in data breaches. As a result, cybercriminals have gained easier access to stolen usernames and passwords, making credential stuffing incidents increasingly common.
- Further technical progress – The technology used to carry out credential stuffing cyberattacks, such as botnets and similar automation tools, has also advanced over time. This technological development has helped cybercriminals circumvent traditional security measures for logging on to various devices and systems, as well as increasing the speed with which they can test stolen credentials. Overall, such advances have enabled cybercriminals to increase both the efficiency and simplicity of credential stuffing incidents.
- Reduced entry barriers – In response to the aforementioned developments, the total costs and skills required to carry out credential stuffing incidents have decreased, reducing barriers to entry and allowing a larger pool of cybercriminals to launch these cyberattacks. At present, cybersecurity experts estimate that a credential stuffing incident can be deployed for as little as $50.
- Increased problems with teleworking – The proportion of teleworkers has soared in recent years, a trend that is expected to continue for the foreseeable future. Still, many remote employees lack the security features in their home offices and on their personal devices that their workplaces offer, making them more vulnerable to cyberattacks (including credential stuffing incidents).
- Added detection difficulties – To help identify and combat cyberattacks, many individuals and companies have installed various types of security software on their technology. However, because credential stuffing incidents involve cybercriminals using genuine usernames and passwords and pretending to be legitimate parties, these cyberattacks have proven to be more challenging for certain software to detect and combat. These detection difficulties have since made credential stuffing incidents a more attractive attack method among cybercriminals.
Examples of Credential Stuffing Cyberattacks
Several notable credential stuffing cyberattacks have occurred in recent years, affecting several well-known companies, their employees and their customers. Some of these incidents include:
- Marriott International – In 2018, the hospitality company Marriott International experienced a credential stuffing cyberattack when a hacker obtained two employees' login information and used it to compromise sensitive data belonging to more than 5 million customers stored in the company's system.
- Zoom – During the emergence of teleworking and video conferencing in 2020, cybercriminals launched a credential stuffing incident against the software company Zoom, stealing 500,000 usernames and passwords for customers and selling this information on online crime forums.
- Nintendo – Also in 2020, hackers carried out a credential stuffing cyberattack on the video game company Nintendo, which resulted in account takeovers and financial losses for 160,000 customers.
- Spotify – In 2021, the audio streaming company Spotify experienced a credential stuffing incident when cybercriminals obtained login information from a malicious database to compromise the accounts of more than 100,000 customers.
Given these cyberattacks and their associated consequences, it is clear that companies need to implement measures to help prevent and mitigate potential losses arising from credential stuffing.
Measures that companies can take
Businesses should consider the following measures to effectively avoid and minimize damage resulting from credential stuffing cyberattacks:
- Establish password protocols. Require employees to create complex and unique passwords for all accounts and systems in the workplace. These passwords should vary between each individual account and system to help reduce the likelihood of credential stuffing incidents. It can also be valuable to give employees access to password management software to keep track of their credentials.
- Use effective security software. Some security software can be particularly useful for identifying and mitigating credential stuffing cyberattacks. Such software includes botnet detection technology, web application firewalls, internet traffic filters and multifactor authentication tools. This software should be installed on all workplace devices and updated regularly to ensure effectiveness. Employees should also be required to use this software on personal devices if they use such technology for work purposes.
- Conduct training on cyber security. Employees should receive routine training on potential cyber threats and ways to mitigate them. With regard to credential stuffing incidents, it is crucial to educate employees about the importance of maintaining proper password hygiene, keeping up to date with security software updates, and looking for signs that their accounts or systems may have been compromised (e.g., changed settings, modified data, unauthorized purchases or missing money).
- Have a plan. Establishing a cyber incident management plan can help ensure that the necessary procedures are followed when cyberattacks occur, thus keeping related damage to a minimum. This plan should be well-documented, practiced regularly, and address a range of cyberattack scenarios (including credential stuffing incidents).
- Ensure adequate coverage. Finally, it is important to buy adequate cyber insurance to protect against losses that may arise from credential stuffing incidents. It is best to consult a trusted insurance specialist to discuss specific coverage needs.
We can help.
In the end, credential stuffing cyberattacks are a growing threat to all companies, with the potential to gradually worsen in the future. By implementing appropriate preventive and response measures, companies can remain adequately protected from these incidents.
If you want additional information and resources, we are here to help you analyze your needs and find the right coverage to protect your business from unnecessary risks. You can download a free copy of our e-book, or if you are ready to make Cyber Liability Insurance part of your insurance portfolio, request a proposal or download our Cyber & Data Breach Insurance Application and we will get to work for you.