Menu
Sharp rise seen in attacks using stolen credentials

Sharp rise seen in attacks using stolen credentials

The attacks have been beating fraud detection systems

Organizations are seeing a sharp increase in attacks using stolen account credentials, with crooks using new techniques to beat fraud detection systems, according to Gartner.

Gartner clients have reported a "significant rise" over the last two months in the use of stolen credentials to access accounts, wrote fraud expert Avivah Litan in a blog post Thursday.

The hackers are trying to access systems related to credit cards and financial data, digital currency, travel rewards and high-end fashion -- "anything and everything that has monetary or resale value," Litan wrote.

The type of attack is not new, but the methods are making it more difficult to detect.

Sweeping attacks that try out thousands of stolen account credentials are usually detected and blocked quickly. But the fraudsters are going in low, slowing the pace of attacks and distributing attempts to gain access through a large number of computers.

"The average online retail attack will only use an IP address 2.25 times now before moving on to the next IP address," Litan wrote.

Account credentials may be tried only once or twice an hour from different endpoints on a botnet over days or weeks, a technique that makes the attempts appear less suspicious and harder to identify.

Other times, the fraudsters use networks associated with popular cloud services whose IP addresses are not considered malicious and will not be blocked, she wrote.

Device fingerprinting, a technique that involves mimicking certain parameters of a device to evade detection, is also slipping under the radar. Fraudsters who know a person's credit card details will try to access a service from an IP address in approximately the same geographic area that they live, for instance.

The account credentials used in the attacks are likely being obtained from data breaches at major services. Litan cited the discovery of a gang likely based in Russia called CyberVor that amassed 1.2 billion login credentials and 500 million email addresses from a variety of services.

The discovery was made by Hold Security, a Wisconsin-based firm that also detected major data breaches at Adobe and Target. Many observers shrugged off the discovery and questioned Hold's motives rather than "confronting the gravity of this finding," Litan wrote.

For companies trying to defend their properties, Litan said there are security systems on the market that can beat some of the new techniques. They include cloud-based systems that aggregate the metadata for IP addresses and devices used for transactions, and "deflection," a technique that scrambles website code and makes it harder for attackers to identify weak weak points.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Gartner

Events

Featured

Slideshows

Channel kicks 2021 into gear as After Hours returns to Auckland

Channel kicks 2021 into gear as After Hours returns to Auckland

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Pantry at Park Hyatt in Auckland to kick-start 2021.

Channel kicks 2021 into gear as After Hours returns to Auckland
The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Show Comments