Menu
Sharp rise seen in attacks using stolen credentials

Sharp rise seen in attacks using stolen credentials

The attacks have been beating fraud detection systems

Organizations are seeing a sharp increase in attacks using stolen account credentials, with crooks using new techniques to beat fraud detection systems, according to Gartner.

Gartner clients have reported a "significant rise" over the last two months in the use of stolen credentials to access accounts, wrote fraud expert Avivah Litan in a blog post Thursday.

The hackers are trying to access systems related to credit cards and financial data, digital currency, travel rewards and high-end fashion -- "anything and everything that has monetary or resale value," Litan wrote.

The type of attack is not new, but the methods are making it more difficult to detect.

Sweeping attacks that try out thousands of stolen account credentials are usually detected and blocked quickly. But the fraudsters are going in low, slowing the pace of attacks and distributing attempts to gain access through a large number of computers.

"The average online retail attack will only use an IP address 2.25 times now before moving on to the next IP address," Litan wrote.

Account credentials may be tried only once or twice an hour from different endpoints on a botnet over days or weeks, a technique that makes the attempts appear less suspicious and harder to identify.

Other times, the fraudsters use networks associated with popular cloud services whose IP addresses are not considered malicious and will not be blocked, she wrote.

Device fingerprinting, a technique that involves mimicking certain parameters of a device to evade detection, is also slipping under the radar. Fraudsters who know a person's credit card details will try to access a service from an IP address in approximately the same geographic area that they live, for instance.

The account credentials used in the attacks are likely being obtained from data breaches at major services. Litan cited the discovery of a gang likely based in Russia called CyberVor that amassed 1.2 billion login credentials and 500 million email addresses from a variety of services.

The discovery was made by Hold Security, a Wisconsin-based firm that also detected major data breaches at Adobe and Target. Many observers shrugged off the discovery and questioned Hold's motives rather than "confronting the gravity of this finding," Litan wrote.

For companies trying to defend their properties, Litan said there are security systems on the market that can beat some of the new techniques. They include cloud-based systems that aggregate the metadata for IP addresses and devices used for transactions, and "deflection," a technique that scrambles website code and makes it harder for attackers to identify weak weak points.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Gartnersecurity

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments