Fighting Credential Stuffing Attacks

) • December 10, 2018     10 Minutes   

Credential abuse attacks and identity theft incidents are rising, with attackers leveraging botnets to launch coordinated campaigns with high success rates, says Aseem Ahmed of Akamai Technologies, who shares best practices for mitigating the threats.

More than 30 billion malicious login attempts were carried out globally between November 2017 and June 2018, according to research conducted by Akamai, Ahmed says in an interview with Information Security Media Group.>

"The financial services industry is under constant attack from automated account takeover tools. ... E-commerce, travel and hospitality verticals are also very often targeted," he says.

It's difficult to determine the exact cost to the business from credential abuse attacks. Among the factors that must be considered, Ahmed says, are money lost, the cost of prevention and remediation, and customer abandonment rates after a credential abuse incident.

In this audio interview (see player link below image), which is the second in a two-part series, Ahmed talks about:

The cost to business from credential stuffing attacks; The industry verticals most impacted; Global best practices to mitigate credential abuse, including using a defense-in-depth approach.

In part one of the interview, Ahmed discusses how malicious bots and botnets are becoming increasingly common and sophisticated and why enterprises need to address them in their risk assessments and security frameworks.

Ahmed is senior product manager for cloud security in Asia Pacific at Akamai Technologies. He is responsible for identifying market opportunities in cloud security, translating ideas into product requirements, gathering and consolidating customer feedback, evangelizing product vision and strategy, as well as overseeing aspects of the product design and development lifecycle while partnering with cross-functional teams on go-to-market activities. With over 10 years of experience in security services and consulting, cloud security solution architecture, incident handling and IT Infrastructure management, Ahmed has built a strong understanding of customer and market requirements. Previously, he has worked in technical roles at Microsoft and Convergys.