The report titled ‘Credential Stuffing: Attacks and Economies’ by technology giant Akamai highlights that India reported 1.4 lakh account takeover (ATO) login attempts every hour. Cybercriminals use stolen or generated username and password combinations to breach the security of internet accounts. This report comes close on the heels of another critical report by IBM that revealed
Indian tech firms are unable to handle hacking attempts.
Akamai’s report observes, “Each attack represented an attempt by a person or computer to log in to an account with a stolen or generated username and password. The vast majority of these attacks were performed by botnets or all-in-one (AIO) applications.”
Number of hacking attempts using credential stuffing across the world stands strong at 30 billion in 2018. These hackers use proxy servers located across the globe to mask their identity and attempt to breach databases.
The report said, “Credential stuffing attempts can advance to full-blown account takeovers and compromises because people tend to use the same password across multiple websites – or the passwords they are using are easily guessed, and they generated credentials.”
Botnet leading to ATO attacks
The number of botnet attacks are increasing across the world. Botnets are groups of computers that use pre-programmed commands. These botnets can be instructed to find accounts that are vulnerable to being accessed by someone other than the account owner.
(Image credits: ToI)
India witnessed 120 crore ATO logins in 2018. Compared to India, the US reported more than 1200 crore ATOs. US is the number one hack attack destination as most popular target companies are based out of US.
There is a huge demand for stolen media and entertainment accounts. This opportunity has made media, gaming, and entertainment services as prized targets for cybercriminals. They sell Netflix, Prime subscription account login credentials in bulk.