In its latest State of Secure Identity Report, Okta, a provider of identity solutions, shows that attempts to log in with stolen credentials – the so-called “credential stuffing” – are the biggest threat to customer accounts.
For the trends, examples, and observations presented in the report, Okta evaluated billions of authentications on its Auth0 platform. In credential stuffing, attackers exploit the habit of some users of reusing a single password across multiple logins. It begins with stolen usernames and passwords, which automated tools then replay against the same user's accounts on other websites. When an account holder uses the same or a similar password on multiple websites, a domino effect occurs: a single pair of credentials is then enough to steal information from several of that user's accounts or logins.
According to Okta's findings, in the first 90 days of 2022 there were nearly 34 billion login attempts worldwide using hijacked credentials. That's XNUMX percent of all authentication traffic.
Retail hardest hit
Credential stuffing primarily affects private online shopping worldwide. Attackers are targeting, for example, loyalty points, limited editions or the sale of customer access. Credential stuffing accounts for less than 80 percent of logins in most industries. In retail and e-commerce, this rate is 50 percent, while in the financial services and entertainment industries more than 50 percent of logins are due to credential stuffing. In contrast, in the same period last year, credential stuffing accounted for more than XNUMX percent of logins in any vertical market.
In Germany and Great Britain, credential stuffing is consistently at a low level, interrupted only by isolated waves of attacks. In the Netherlands, most of the activity (70%) is related to normal login processes, and the rate of malicious traffic is the lowest of any country surveyed: attacks with stolen login data account for only three percent of login processes. This value is even lower than the share of attempts to bypass multi-factor authentication (5%).
Threat actors are also targeting MFA systems
In the first half of 2022, the Auth0 platform saw more attempts to bypass multi-factor authentication (MFA) than ever before, with nearly 113 million events. A major MFA attack in the run-up to a “long” weekend was noticeable in some European countries. This targeted exactly 50 phone numbers to which over 31 SMS MFA codes were sent between January 2022, 24 and February 2022, 100.
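The two attack patterns described above, credential stuffing (one source trying many different usernames in quick succession) and SMS MFA code flooding (many codes pushed to a small set of phone numbers), can both be spotted with simple sliding-window counts over authentication events. The following is an added example, not code from Okta, Auth0 or the report: it runs over a constructed log (documentation IP ranges, invented usernames and phone numbers) and the window sizes and thresholds are assumptions chosen for illustration. It also computes the share of login traffic attributable to the flagged sources, the same kind of "percent of authentication traffic" figure the report cites, and lists the accounts that were successfully entered from a flagged source, which is the list a defender would want for forced password resets.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the report). Three event kinds:
# login_failed / login_success carry ip= and user=, mfa_sms_sent carries ip= and phone=.
SAMPLE_LOG = """\
2022-01-24T09:00:00Z login_failed ip=203.0.113.7 user=alice
2022-01-24T09:00:01Z login_failed ip=203.0.113.7 user=bob
2022-01-24T09:00:02Z login_failed ip=203.0.113.7 user=carol
2022-01-24T09:00:03Z login_failed ip=203.0.113.7 user=dave
2022-01-24T09:00:04Z login_success ip=203.0.113.7 user=erin
2022-01-24T09:00:05Z login_failed ip=203.0.113.7 user=frank
2022-01-24T09:05:00Z login_failed ip=198.51.100.20 user=alice
2022-01-24T09:05:30Z login_failed ip=198.51.100.20 user=alice
2022-01-24T09:06:00Z login_success ip=198.51.100.20 user=alice
2022-01-24T09:10:00Z login_success ip=198.51.100.21 user=grace
2022-01-24T09:20:00Z mfa_sms_sent ip=203.0.113.9 phone=+15550100
2022-01-24T09:20:05Z mfa_sms_sent ip=203.0.113.9 phone=+15550100
2022-01-24T09:20:10Z mfa_sms_sent ip=203.0.113.9 phone=+15550100
2022-01-24T09:20:15Z mfa_sms_sent ip=203.0.113.9 phone=+15550100
2022-01-24T09:30:00Z mfa_sms_sent ip=198.51.100.21 phone=+15550199
"""

LINE_RE = re.compile(r"^(\S+) (\S+) ip=(\S+)(?: user=(\S+))?(?: phone=(\S+))?$")
LOGIN_KINDS = {"login_failed", "login_success"}


def parse_events(text):
    """Parse the constructed log format into dicts sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable line: {line!r}")
        ts, kind, ip, user, phone = m.groups()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "kind": kind, "ip": ip, "user": user, "phone": phone})
    events.sort(key=lambda e: e["ts"])
    return events


def _peak_per_key(events, key_field, value_field, window, distinct):
    """For each key, the largest number of (optionally distinct) values seen
    inside any sliding window of length `window`. Events must be time-sorted."""
    peak = defaultdict(int)
    recent = defaultdict(deque)
    for e in events:
        key = e[key_field]
        q = recent[key]
        q.append((e["ts"], e[value_field]))
        while e["ts"] - q[0][0] > window:   # drop entries older than the window
            q.popleft()
        n = len({v for _, v in q}) if distinct else len(q)
        peak[key] = max(peak[key], n)
    return peak


def find_credential_stuffing_sources(events, window=timedelta(seconds=60), min_distinct_users=5):
    """Source IPs that tried >= min_distinct_users different usernames within one window.
    A real user retrying their own password only ever counts as one username."""
    logins = [e for e in events if e["kind"] in LOGIN_KINDS]
    peak = _peak_per_key(logins, "ip", "user", window, distinct=True)
    return {ip: n for ip, n in peak.items() if n >= min_distinct_users}


def find_sms_flood_targets(events, window=timedelta(minutes=10), max_codes=3):
    """Phone numbers that received more than max_codes SMS MFA codes within one window."""
    sends = [e for e in events if e["kind"] == "mfa_sms_sent"]
    peak = _peak_per_key(sends, "phone", "ip", window, distinct=False)
    return {phone: n for phone, n in peak.items() if n > max_codes}


def credential_stuffing_share(events, **kwargs):
    """Fraction of all login attempts that came from flagged sources."""
    logins = [e for e in events if e["kind"] in LOGIN_KINDS]
    flagged = find_credential_stuffing_sources(events, **kwargs)
    attributed = sum(1 for e in logins if e["ip"] in flagged)
    return attributed / len(logins) if logins else 0.0


def hit_accounts(events, **kwargs):
    """Accounts successfully logged into from a flagged source: candidates for a forced reset."""
    flagged = find_credential_stuffing_sources(events, **kwargs)
    return {e["user"] for e in events if e["kind"] == "login_success" and e["ip"] in flagged}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("stuffing sources:", find_credential_stuffing_sources(evs))
    print("share of login traffic:", credential_stuffing_share(evs))
    print("accounts hit:", hit_accounts(evs))
    print("SMS flood targets:", find_sms_flood_targets(evs))
```

In the constructed sample the attacker source tries six different usernames in five seconds and is flagged, the user who mistypes their own password twice is not, and one of the attacker's guesses succeeds, which is exactly the single reused credential pair that the report's "domino effect" refers to. The phone number that receives four codes in fifteen seconds trips the flood threshold; one code per login does not.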
Cybercriminals focus their attacks on four vertical markets around the world:
- HR/Recruiting (4.5%, vs. 1.6% in the previous year)
- Public Sector (4.0%, vs. 2.8% a year ago)
- Retail/e-commerce (3.7%, vs. 2.8% a year ago)
- Financial Services (3.9%, vs. 2.9% a year ago)
Bots: Increasing number of fraudulent registrations
The number of fraudulent registrations varies by vertical market. Globally, about 23 percent of all attempts to register a new account can be traced back to bots. In the previous year, the value was still 15 percent. Energy, utility, and financial services companies accounted for the highest proportion of registration fraud attacks. These threats accounted for 64.8 and 72.5 percent of enrollment attempts, respectively. In the media, bots are behind about a third (37.4%) of all attempts to register a new account.
More at auth0 from Okta.com
About Okta
Okta is the leading independent provider of enterprise identity and access management solutions. The Okta Identity Cloud empowers organizations to securely connect the right people, with the right technologies, at the right time. With 7,000 pre-built integrations with applications and infrastructure providers, Okta customers can easily and securely leverage the best technologies for their business.