A post by Gilad David Maayan on the Cyber Security Intelligence website (https://www.cybersecurityintelligence.com/blog/what-is-a-credential-stuffing-attack-and-how-to-protect-your-organization-6919.html) describes credential stuffing as a cyber attack that uses username and password combinations stolen or leaked from one website or service to gain unauthorized access to other sites or services.
People who reuse the same username and password across multiple accounts are vulnerable to this type of attack. Here's how it works:
- Attackers acquire a large number of username-password combinations from various sources - data breaches, leaks, phishing, etc.
- Attackers use automated tools or bots to test the credentials on multiple websites or services.
- Using these tools, attackers attempt to log in with stolen credentials, typically at a high volume and speed.
- When a login is successful, attackers gain unauthorized access to a user's account, and use it for criminal purposes.
- Once the account is compromised, attackers can use it for further attacks, sell it, or harvest sensitive information.
There are multiple strategies against credential stuffing:
- Implement behavioral analytics to identify suspicious activity.
- Avoid using email addresses as user IDs.
- Use multi-factor authentication.
- Restrict the number of login attempts from a specific IP address.
- Use a managed Security Operations Center. SOCs provide threat intelligence, monitoring and detection, and incident response services.
Your security professionals or outsourced IT services should be using these strategies to protect you from credential stuffing.
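
One way to combine the per-IP attempt limit with a simple behavioral signal (many distinct usernames tried from one address), as an added example that is not from the original post. The thresholds, the `LoginGuard` and `replay` names, and the sample attempts are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # assumed sliding-window length
MAX_ATTEMPTS = 5         # assumed cap on login attempts per IP per window
MAX_DISTINCT_USERS = 3   # assumed cap on distinct usernames per IP per window


class LoginGuard:
    """Per-IP sliding-window limiter that also flags username spraying."""

    def __init__(self, window=WINDOW_SECONDS, max_attempts=MAX_ATTEMPTS,
                 max_users=MAX_DISTINCT_USERS):
        self.window = window
        self.max_attempts = max_attempts
        self.max_users = max_users
        self.events = defaultdict(deque)  # ip -> deque of (timestamp, username)

    def check(self, ip, username, now):
        """Record one attempt; return 'allow', 'throttle' or 'stuffing'."""
        q = self.events[ip]
        # Drop attempts that have aged out of the window.
        while q and now - q[0][0] >= self.window:
            q.popleft()
        q.append((now, username.strip().lower()))
        # Many different accounts from one source is the stuffing signature;
        # repeated tries against one account only hit the volume limit.
        if len({user for _, user in q}) > self.max_users:
            return "stuffing"
        if len(q) > self.max_attempts:
            return "throttle"
        return "allow"


def replay(attempts, guard=None):
    """Run (timestamp, ip, username) tuples through a guard, in order."""
    guard = guard or LoginGuard()
    return [guard.check(ip, user, ts) for ts, ip, user in attempts]


# Constructed sample: one address cycling through accounts, one user retrying.
SPRAY = [(t, "198.51.100.7", u)
         for t, u in enumerate(["alice", "bob", "carol", "dave", "eve"])]
RETRY = [(t, "203.0.113.9", "erin") for t in (0, 5, 10, 15, 20, 25, 100)]

if __name__ == "__main__":
    print(replay(SPRAY))
    print(replay(RETRY))
```

Addresses shared by many legitimate users, such as a corporate NAT, can exceed the distinct-username threshold, so tune the limits against real traffic before blocking on them.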