Cybercriminals are always on the lookout for new ways to steal credentials. To get access to corporate networks and exfiltrate critical data, attackers exploit stolen or compromised credentials. Credential stuffing attacks are prevalent among adversaries because they are simple to carry out and have a high success rate.
According to the IBM Cost of a Data Breach Report 2021, the most prevalent initial attack vector, leaked credentials, was responsible for 20% of breaches, at an average breach cost of USD 4.37 million.
Multi-Factor Authentication (MFA) should be employed
Credential stuffing relies on automated scripts and tools that cannot easily supply an extra authentication factor, such as a code from a mobile authenticator app or a two-factor token delivered by email or SMS. Requiring users to authenticate with an additional factor therefore mitigates these attacks. Keep in mind that attackers can and will target the MFA mechanisms themselves, so businesses must also protect those mechanisms against brute-force attacks.
Strong passwords should be enforced and managed
MFA adds barriers, but each barrier must be as strong as possible. Many MFA login flows, for example, only prompt for the second factor after the password has been verified. An attacker may not gain access, but they learn that the credentials they used were correct. They can then reuse those credentials in a password spray attack against the rest of the network, potentially exposing applications that don’t support MFA. It is therefore critical to make passwords as strong as possible.
Keep an eye on the critical metrics
Metrics such as the login success rate and the rate of password reset requests can be very useful. Corporate IT and security teams should monitor their systems for evidence of attackers compromising accounts with stolen credentials; if they spot these attempts early, they can stop the attack in its tracks.
For a solid security posture, use multiple layers of defense
Both IT environments and the attackers targeting them have become too sophisticated to be protected by a single password. Security plans must be as diverse as the infrastructures they safeguard. Password-focused controls, such as password managers and multi-factor authentication (MFA), must be combined with other solutions, such as antivirus and other forms of threat detection. These serve as a proactive, preventative measure against malware attacks and as a reactive one once a system has been compromised by an advanced persistent threat. With dynamic risk management, enterprises can be prepared for any form of security attack or disruption.
Make use of anomaly detection software
These can be free or enterprise-grade online threat intelligence solutions that surface risk signals such as a password breach or a higher-than-normal number of unsuccessful login attempts. They can also reveal a sudden or unusual spike in the number of IP addresses visiting a website, which may indicate malicious activity.
Requiring a user to solve a CAPTCHA on every login attempt can block automated logins and dramatically slow a credential stuffing attack. CAPTCHAs are not perfect, however, and attackers can use dedicated tools to bypass them with a high success rate. To improve usability, it may be preferable to require a CAPTCHA only when a login request is deemed suspicious, using the same criteria as for triggering MFA.
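As an added example that is not code from the article, the following Python monitor shows the metrics from the monitoring and anomaly-detection sections in practice: it aggregates a constructed authentication log into fixed windows, computes the failure ratio and the number of distinct source IPs per window, flags windows that exceed a baseline, and reuses the same criteria to decide whether a request should face MFA or a CAPTCHA. The log format, the sample events and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample auth log (not from the article): "ISO-timestamp result username source_ip"
SAMPLE_LOG = """
2024-05-01T10:00:01 OK   alice 203.0.113.10
2024-05-01T10:00:09 FAIL bob   203.0.113.11
2024-05-01T10:00:45 OK   carol 203.0.113.12
2024-05-01T10:05:00 FAIL dave  198.51.100.1
2024-05-01T10:05:02 FAIL erin  198.51.100.2
2024-05-01T10:05:03 FAIL frank 198.51.100.3
2024-05-01T10:05:05 FAIL grace 198.51.100.4
2024-05-01T10:05:10 OK   judy  198.51.100.5
2024-05-01T10:05:12 FAIL ivan  198.51.100.6
"""

def parse_line(line):
    ts, result, user, ip = line.split()
    return {"ts": datetime.fromisoformat(ts), "ok": result == "OK", "user": user, "ip": ip}

def window_stats(log_text, window_seconds=60):
    """Per fixed-size window: attempt and failure counts plus the set of distinct source IPs."""
    width = timedelta(seconds=window_seconds)
    stats = defaultdict(lambda: {"attempts": 0, "failures": 0, "ips": set()})
    for line in log_text.strip().splitlines():
        ev = parse_line(line)
        midnight = ev["ts"].replace(hour=0, minute=0, second=0, microsecond=0)
        start = midnight + ((ev["ts"] - midnight) // width) * width  # window containing ev
        s = stats[start]
        s["attempts"] += 1
        s["failures"] += 0 if ev["ok"] else 1
        s["ips"].add(ev["ip"])
    return dict(stats)

def window_reasons(s, max_fail_ratio=0.5, max_distinct_ips=5, min_attempts=5):
    """Baseline checks for one window; the thresholds are assumed values, tune them per site."""
    reasons = []
    if s["attempts"] >= min_attempts and s["failures"] / s["attempts"] > max_fail_ratio:
        reasons.append("failure_ratio")
    if len(s["ips"]) > max_distinct_ips:
        reasons.append("distinct_ips")
    return reasons

def flag_windows(stats, **thresholds):
    """Windows exceeding the baseline, oldest first, as [(window_start, reasons)]."""
    flagged = [(t, window_reasons(stats[t], **thresholds)) for t in sorted(stats)]
    return [(t, r) for t, r in flagged if r]

def step_up_required(stats, window_start, **thresholds):
    """Same criteria reused per request: demand MFA or a CAPTCHA only while the window is hot."""
    return bool(window_reasons(stats.get(window_start, {"attempts": 0, "failures": 0, "ips": set()}), **thresholds))
```

In the sample, the 10:00 window (three attempts, one failure, three IPs) stays quiet, while the 10:05 window (six attempts, five failures, six IPs) is flagged on both criteria and would trigger the step-up challenge.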