State of the Internet / Security: Credential Stuffng Attacks 2AT A GLANCE malicious loginattempts detected by Akamai from bots in May and June. botnets attack across multiple domains, hiding their activity. malicious loginattempts per hour created by one botnet. The U.S., Russia, and Vietnam were the largest sources of credential stuffng attacks. 8.3 BillionLow & Slow 300,0002 State of the Internet / Security: Credential Stuffng Attacks 3 State of the Internet / Security: Credential Stuffng Attacks TABLE OF CONTENTS LETTER FROM THE EDITOR 4 OVERVIEW 5 BACKGROUND NOISE 6 AN OVERWHELMING ROAR 10 WORLDWIDE CREDENTIAL STUFFING 13 LESSON LEARNED 16 4 State of the Internet / Security: Credential Stuffng Attacks Welcome to the fourth issue of the State of the Internet / Security reportfor 2018. Our focus with this report is the effect of botnets on the FinancialServices industry and the continuation of our research into credential stuffng.We are taking a new direction and focusing on a topic other than DDoS, butnever fear, we’ll cover that topic again soon. If this is your frst time reading theState of the Internet / Security report, welcome — and we hope you fnd theknowledge contained herein valuable. The term “botnet” covers a lot of ground, from web crawlers to site scrapersto account takeover tools or even DDoS tools. Given that many businesseslive and die by their search engine rankings, the bots that organizations likeGoogle and Baidu use to organize the Internet for users are vitally important.But there’s a wide range of bots and botnets responsible for things like newsaggregation and site scraping where the value to the target organizations ishighly dependent upon business models and a host of other factors. We’re not talking about any of those in this report. One type of botnet focuses on a tactic considered malicious by every business: credential stuffng. These botnets attempt to log into a target site in order to assume an identity, gather information, or steal money and goods. They use lists of usernames and passwords gathered from the breaches you hear about nearly every day on the news. They’re also one of the main reasons you should be using a password manager to create unique and random strings for your passwords. Yes, remembering that “*.77H8hi9~8&” is your password is diffcult, but having your login at the bank compromised is a much bigger hassle. We see a signifcant amount of credential stuffng traffc at Akamai — over 30 billion malicious login attempts from the beginning of November 2017until the end of June 2018. Our stories in this issue cover attacks against twofnancial institutions that have experienced tens and hundreds of thousandsof attempts to log into their sites from credential stuffng botnets. We alsocontinue our efforts to better understand the overall trends in botnet traffc,examining activity in May and June. Every business is impacted by credential stuffng botnets. Many businessesjust see the traffc because of scatter shot scans, but fnancial services andretail sites are prime targets. Account takeover is proftable for attackers,guaranteeing that it will be a threat for the foreseeable future. Change is the onlyconstant. –Heraclitus of Ephesus LETTER FROM THE EDITOR MARTIN MCKEAY, SENIOR SECURITY ADVOCATE,AKAMAI 。。。。。。