In 2018, India reported about 1.4 lakh account takeover (ATO) login attempts every hour from people using stolen or generated usernames and passwords, a recent cybersecurity report has revealed.
According to the 2018 ‘Credential Stuffing: Attacks and Economies’ report by global firm Akamai, India was the second most preferred target destination after the US, recording more than 120.8 crore ATOs in just one year.
“Each attack represented an attempt by a person or computer to log in to an account with a stolen or generated username and password. The vast majority of these attacks were performed by botnets or all-in-one (AIO) applications,” the report accessed by TOI read.
Akamai recorded nearly 30 billion credential stuffing—breaching of databases—attacks in 2018.
Botnets are groups of computers tasked with various commands and they can be instructed to find accounts that are vulnerable to being accessed by someone other than the account owner; these are called account takeover (ATO) attacks.
AIO applications allow an individual to automate the login or ATO process, and they are key tools for account takeovers and data harvesting.
Compared to India, the US saw more than 1,200 crore ATOs, while Canada, which was the third most preferred target country, saw 102.5 crore ATOs. “The US is the number one spot for attack destinations because many of the most popular targets are based there,” the report said.
Akamai said that most of these attacks were launched on media organizations, gaming companies, and the entertainment industry. “The people behind these attacks realize the value of an account, whether it’s to a streaming site, a game, or someone’s social media account. And they’re willing to do whatever it takes to steal them,” the report reads.
As for the sources from which attacks are launched, the US occupied first place again, given that “most of the credential stuffing tools are developed there”, with Russia a close second and Canada in third place. India stands in fifth place with 62 crore such logins traced back to the country, while the top four (US, Russia, Canada and Vietnam) together account for 861 crore of such logins.
Cyber expert Mirza Faizan Asad says: “The most important aspect is once a user logs in to media accounts or gaming/entertainment services, he will share his credentials with the owners of the service providers. It’s the duty of the service providers to boost up their security and safeguard user data. We’ve heard about many big IT companies storing users’ data like username and password in a plain text file, which is a security loophole that allows hacking with simple SQL tools and selling that data into underground markets for high rates.”
The market for stolen media and entertainment accounts is thriving, the report says, reiterating that the media, gaming, and entertainment industries are prized targets for criminals who are looking to trade in stolen information and access.
The accounts are sold in bulk, and the goal for the criminals is to move their goods by volume, rather than single account sales.
“Many accounts compromised via credential stuffing will sell for as little as $3.25. These accounts come with a warranty: If the credentials don’t work once sold, they can be replaced at no cost, which is a service sellers offer to encourage repeat purchases,” the report notes.
Credential stuffing attempts can advance to full-blown account takeovers and compromises because people tend to use the same password across multiple websites — or the passwords they are using are easily guessed, and they generated credentials. ―Times of India