Advertisements

What is the Cyber Threat of Credential Stuffing

Today we talk about the attack of credential stuffing or credential stuffing, a dangerous cyberthreat that in recent months has been primed with companies like Dunkin Donuts or Yahoo.

Advertisements

Today we talk about the attack of credential stuffing or credential stuffing, a dangerous cyberthreat that in recent months has been primed with companies like Dunkin Donuts or Yahoo.

In the middle of cyberthreats era, credential stuffing, of growing trend, takes advantage of a data breach to access the accounts of thousands – or millions! – of users. How? Through the bombing of credentials, until they agree with the exact ones of the internauts. As detailed from Panda Security, to carry out the process the cybercriminal must have made -either through theft or purchase- a database formed by user accounts, with his identification name and password.

Although logging does not match the data, through specialized botnets, automatic logs are made to complete the identification process until the credentials are appropriate, allowing access to the platform. The companies affected in recent times have been Dunkin Donuts -in their case the credentials came from a data breach in the company DD Perks- or Yahoo, which in 2016 seriously compromised the accounts of some 500 million users, many of them put on sale in the Deep Web.

3 keys to avoid credential filler cyber attacks

From the Panda Security blog the experts propose three essential points to protect themselves from these cyber attacks:

  • Double authentication: Although it is not infallible, it is, as much as possible, essential within the companies and platforms.
  • Specific solutions for business cybersecurity: It is essential to monitor the data in all its states instead of the company opting to trust its invulnerability in the skills of its users when managing their passwords
  • Training and awareness: Companies must also install a series of prevention measures among their staff, since employees are the weakest link in the chain against cybercrime.

They should take into account guidelines such as not giving their credentials by email – something to avoid phishing, technical service scams or BEC scams – to recognize the signals of the various cyberbullies and report any possible incident.

Advertisements