Menu
Sharp rise seen in attacks using stolen credentials

Sharp rise seen in attacks using stolen credentials

The attacks have been beating fraud detection systems

Organizations are seeing a sharp increase in attacks using stolen account credentials, with crooks using new techniques to beat fraud detection systems, according to Gartner.

Gartner clients have reported a "significant rise" over the last two months in the use of stolen credentials to access accounts, wrote fraud expert Avivah Litan in a blog post Thursday.

The hackers are trying to access systems related to credit cards and financial data, digital currency, travel rewards and high-end fashion -- "anything and everything that has monetary or resale value," Litan wrote.

The type of attack is not new, but the methods are making it more difficult to detect.

Sweeping attacks that try out thousands of stolen account credentials are usually detected and blocked quickly. But the fraudsters are going in low, slowing the pace of attacks and distributing attempts to gain access through a large number of computers.

"The average online retail attack will only use an IP address 2.25 times now before moving on to the next IP address," Litan wrote.

Account credentials may be tried only once or twice an hour from different endpoints on a botnet over days or weeks, a technique that makes the attempts appear less suspicious and harder to identify.

Other times, the fraudsters use networks associated with popular cloud services whose IP addresses are not considered malicious and will not be blocked, she wrote.

Device fingerprinting, a technique that involves mimicking certain parameters of a device to evade detection, is also slipping under the radar. Fraudsters who know a person's credit card details will try to access a service from an IP address in approximately the same geographic area that they live, for instance.

The account credentials used in the attacks are likely being obtained from data breaches at major services. Litan cited the discovery of a gang likely based in Russia called CyberVor that amassed 1.2 billion login credentials and 500 million email addresses from a variety of services.

The discovery was made by Hold Security, a Wisconsin-based firm that also detected major data breaches at Adobe and Target. Many observers shrugged off the discovery and questioned Hold's motives rather than "confronting the gravity of this finding," Litan wrote.

For companies trying to defend their properties, Litan said there are security systems on the market that can beat some of the new techniques. They include cloud-based systems that aggregate the metadata for IP addresses and devices used for transactions, and "deflection," a technique that scrambles website code and makes it harder for attackers to identify weak weak points.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Gartnersecurity

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Show Comments