The Distil Research Lab released their latest threat research report called The Anatomy of Account Takeover Attacks revealing that bad bots are on every website with a login page. Even yours.
Here’s the key findings from the report:
- Every website with a login page is under attack - 100% of websites researched suffered from account takeover attacks (ATO).
- Bot operators are evenly split in how they carry out ATO attacks - 50% of ATO attacks come in the form of volumetric credential stuffing, and the other half are through low and slow credential stuffing and credential cracking.
- Attacks increase after a data breach is made available on the dark web - In the days following a public breach, websites experience 3X more credential stuffing attacks than the average of 2-3 attacks per month.
- Almost 20 percent of all analyzed attacks were preceded by a smaller scale “test round” a few days prior - Some perpetrators test their bad bots a few days before a large scale account takeover attack. While such tests are smaller in scale, any baseline anomaly from failed logins should be investigated.
- Websites are most likely to experience ATO attacks on a Friday or Saturday. 39% of volumetric ATO attacks occur on a Friday or Saturday. This indicates that bot operators schedule attacks when it is presumed that fewer security professionals will be around to notice anomalies.
Download your copy of The Anatomy of Account Takeover Attacks.
About the Author
Anna leads the Distil Professional Services Security Analysts, a team of experts who helps companies manage their bot mitigation strategy. Her team works around the clock to identify emerging threats, creates complex blocking policies and researches bots. Prior to Distil she was heading the anti-scraping services at ScrapeSentry.More Content by Anna Westelius