Malicious logins are on the rise.
This is according to a new report by Akamai, which says there have been 3.2 billion malicious login attempts every month in the first four months of 2018. In May and June, however, the number jumps to more than 8.3 billion attempts – a 30 per cent monthly average rise. From November 2017 to the end of June 2018, there have been more than 30 billion malicious attempts.
These malicious attempts are the result of what’s usually called ‘credential stuffing’ – hackers get their hands on a bunch of passwords, and then use botnets to try and log in on various services, hoping one of the passwords will be valid on at least one service.
They try all kinds of services, from banks to retailers, to social media.
Akamai claims credential stuffing can cost organisations ‘millions to tens of millions’ of dollars in fraud losses, annually.
“One of the world’s largest financial services companies was experiencing over 8,000 account takeovers per month, which led to more than $100,000 per day in direct fraud-related losses,” said Josh Shaul, Akamai’s Vice President of Web Security.
“The company turned to Akamai to put behavioural-based bot detections in front of every consumer login endpoint and immediately saw a drastic reduction in account takeovers to just one to three per month and fraud-related losses down to only $1,000 to $2,000 per day.”
You can find the full report, titled 2018 State of the Internet / Security Credential Stuffing Attacks, on this link.
Image source: Shutterstock/Ai825