From May to December of last year, hackers directed credential abuse attempts at retail sites more than 10bn times according to new research from Akamai.
The firm’s 2019 State of the Internet / Security: Retail Attacks and API Traffic report shed light on the fact that the retail industry was the most targeted segment by hackers while also highlighting the prevalence of API-call traffic on the web and the misrepresentation of Ipv6-based traffic.
Akamai studied the credential abuse technique known as credential stuffing for its report and examined how hackers have begun to employ botnets to steal login credentials from retail websites. These stolen credentials are used to compromise accounts from which hackers acquire retail merchandise and resell it for cash.
According to the report, the AIO bots deployed by hackers are multi-function tools that enable quick purchases by leveraging credential stuffing and a number of evasion techniques. For example, a single AIO bot can target over 120 retailers at the same time.
Media and entertainment properties are notable credential abuse victims as well due to the highly valuable personal information these sites maintain. Since end users share their credit card information and demographic data when signing up for over-the-top (OTT) online streaming services, this data is particularly valuable to hackers who sell it on the black market.
Akamai also noted significant numbers of credential abuse attacks launched against financial services, hotel and travel and consumer goods sites.
Security Researcher and Editorial Director of the company’s latest report, Martin McKeay explained why retail sites have become a high value target for hackers in a statement, saying:
“The techniques change, but the motivation remains the same: greed. Retailers remain on the front lines, because stolen merchandise sells quickly and at a premium. And for that reason, the data shows which merchandise is of the highest value: Apparel sites are targeted the most.”
- We’ve also highlighted the best antivirus to help protect you from the latest cyber threats