HOTforSecurity
Filip TRUTA @FilipTrout
Industry News

Researchers find bad bots designed for account takeover on 100% of websites with login pages

May 2, 2018
Credit: Distil Networks

Locking out an account after too many failed login attempts should be standard practice for anyone running a website with a login field or subscription form, if new research is any indication. Fraudsters use elaborate but predictable techniques to carry out account takeover (ATO) attacks for a range of nefarious purposes. Note that a per-account lockout only counts failures against one account; credential stuffing typically tries each leaked username/password pair once, so it also needs per-source monitoring of the kind described in the mitigation tips below.

Bad actors are engaging in ATO attacks to validate sets of login credentials, gain access to credit card data, and sell personally identifiable information on the dark web. They also use the stolen account data to transfer money, purchase goods, and even spread a specific political agenda, according to data gathered by Distil Networks.

By analyzing 600 domains that include login pages, researchers found that “all monitored login pages were hit with bad bot traffic, indicating that every website with a login page faces Account Takeover (ATO) attempts.”

Other key findings include:

  • 50% of ATO attacks take the form of volumetric credential stuffing, where bad bot requests arrive in bursts and are easily identifiable
  • 50% of ATO attacks are low-and-slow credential stuffing and credential cracking: consistent, continuous login requests made at a slow pace to avoid detection
  • Websites see a 300% increase in volumetric attacks after credentials from a data breach are made public
  • One fifth of all analyzed attacks were preceded by a smaller-scale “test round” a few days earlier; this is a deliberate step by bot operators, but it is also a key element of the attack cycle that makes the full attack predictable
  • Bot operators schedule attacks for times when fewer security professionals are presumed to be around to notice anomalies, namely Fridays and Saturdays

Website operators are offered a few mitigation tips: block or put a CAPTCHA in front of outdated user agents and browsers; block known proxy services and exposed APIs; evaluate traffic sources and investigate traffic spikes; watch for runs of failed login attempts; monitor increases in failed card-number validations; and consider deploying a bot mitigation tool.
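The two attack shapes in the findings (volumetric bursts versus low-and-slow stuffing) and the "watch for failed logins" tip look different in a log. The script below is an added illustration, not Distil Networks' research code and not part of the original article. It runs three detectors over constructed login-log lines: a classic per-account lockout counter, a sliding-window burst detector for volumetric stuffing, and a per-source "many distinct accounts, few tries each, long span" detector for low-and-slow stuffing, plus a crude check for outdated or non-browser user agents. The log format, thresholds, sample IPs, usernames and the user-agent regex are all assumptions made for the example; on this sample the per-account lockout catches neither bot, while the per-source detectors catch both.

```python
"""Credential-stuffing detection over constructed auth-log lines.
Added example; log format, thresholds and sample data are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line format (not a real product's format):
# <ISO timestamp> ip=<src> user=<name> result=OK|FAIL ua="<user agent>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) '
    r'result=(?P<result>OK|FAIL) ua="(?P<ua>[^"]*)"$')

# Heuristic for outdated or non-browser clients; a real allowlist would be richer.
SUSPECT_UA = re.compile(r'MSIE \d|python-requests|curl/|^$')


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event['ts'] = datetime.fromisoformat(event['ts'])
    return event


def build_sample_log():
    """Constructed sample traffic (not real data): one legitimate user,
    one volumetric bot and one low-and-slow bot, on a Saturday at 02:00."""
    t0 = datetime(2018, 4, 28, 2, 0, 0)
    lines = []
    # Legitimate user: two typos, then success, from an ordinary browser.
    for i, res in enumerate(["FAIL", "FAIL", "OK"]):
        lines.append(f'{(t0 + timedelta(seconds=20 * i)).isoformat()} ip=198.51.100.4 '
                     f'user=alice result={res} ua="Mozilla/5.0 (Windows NT 10.0) Chrome/66.0"')
    # Volumetric stuffing: 40 distinct accounts from one IP inside 10 seconds.
    for i in range(40):
        lines.append(f'{(t0 + timedelta(seconds=0.25 * i)).isoformat()} ip=203.0.113.7 '
                     f'user=user{i:03d} result=FAIL ua="python-requests/2.18"')
    # Low and slow: one attempt every 10 minutes for 6 hours, a new account each time.
    for i in range(36):
        lines.append(f'{(t0 + timedelta(minutes=10 * i)).isoformat()} ip=203.0.113.9 '
                     f'user=member{i:03d} result=FAIL ua="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"')
    return lines


def per_account_lockout(events, max_fail=5):
    """Classic lockout view: usernames with at least max_fail failures."""
    fails = defaultdict(int)
    for e in events:
        if e['result'] == 'FAIL':
            fails[e['user']] += 1
    return {u for u, n in fails.items() if n >= max_fail}


def volumetric_sources(events, window=timedelta(seconds=60), max_fail=20):
    """Source IPs with at least max_fail failures inside any sliding window."""
    flagged, recent = set(), defaultdict(deque)
    for e in sorted(events, key=lambda ev: ev['ts']):
        if e['result'] != 'FAIL':
            continue
        q = recent[e['ip']]
        q.append(e['ts'])
        while q and e['ts'] - q[0] > window:
            q.popleft()
        if len(q) >= max_fail:
            flagged.add(e['ip'])
    return flagged


def low_and_slow_sources(events, min_accounts=20, max_per_account=2,
                         min_span=timedelta(hours=1)):
    """Source IPs that fail against many distinct accounts, only a couple of
    tries each (so no per-account lockout fires), spread over a long span."""
    users_per_ip = defaultdict(lambda: defaultdict(int))
    first, last = {}, {}
    for e in events:
        if e['result'] != 'FAIL':
            continue
        ip = e['ip']
        users_per_ip[ip][e['user']] += 1
        first[ip] = min(first.get(ip, e['ts']), e['ts'])
        last[ip] = max(last.get(ip, e['ts']), e['ts'])
    return {ip for ip, users in users_per_ip.items()
            if len(users) >= min_accounts
            and max(users.values()) <= max_per_account
            and last[ip] - first[ip] >= min_span}


def suspect_user_agents(events):
    """Source IPs presenting an outdated or non-browser user agent."""
    return {e['ip'] for e in events if SUSPECT_UA.search(e['ua'])}


def analyze(lines):
    events = [e for e in map(parse_line, lines) if e]
    return {'lockout_users': per_account_lockout(events),
            'volumetric_ips': volumetric_sources(events),
            'low_and_slow_ips': low_and_slow_sources(events),
            'suspect_ua_ips': suspect_user_agents(events)}


if __name__ == '__main__':
    for name, hits in analyze(build_sample_log()).items():
        print(f'{name}: {sorted(hits)}')
```

The thresholds are deliberately simple: in production they would be tuned per site, the low-and-slow check would also key on subnets and rotating proxy ranges rather than single IPs, and a hit would feed a CAPTCHA or rate limit rather than a hard block, so that a spoofed source cannot be used to lock legitimate users out.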

Tags: account takeover, ATO, credit card fraud, data breach, fraud, id theft, stolen passwords

About the author

Filip TRUTA

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.

Powered by Bitdefender - a leading cyber security technology provider | Copyright © 2008 - 2016. All rights reserved.