SEC’s Office of Compliance Inspection and Examinations Warns of a Sudden Increase in Credential Stuffing Hack

5 years ago Tripwire Guest Authors

Recently, the Securities and Exchange Commission’s exam division issued a Risk Alert (the “Alert”) in which it described several targeted cybersecurity investigations it had carried out. The agency is now concerned about an increase in a specific type of hack known as “credential stuffing.”

This cyberattack involves using stolen credentials to log into web-based systems and issue the unauthorized transfer of client funds.

In this article, we’ll go into greater detail about credential stuffing and discuss ways to help you detect and prevent this type of attack.

What do we mean by “credential stuffing attacks”?

Credential stuffing involves malicious hackers obtaining user credentials through breaches and then using the compromised data to get access to a system. It’s a very effective cyberattack method that relies on automation and on bots to scale.

Cybercriminals take advantage of the fact that users tend to use the same usernames and passwords across multiple services. This assumption is right to some extent. According to stats, approximately 0.1-0.2% of breached credentials can lead to a successful login when tried on another service.

Over the years, the security community has witnessed the appearance of several sophisticated bots that can simultaneously attempt multiple logins – each originating from a different IP address. The fact that they can get past straightforward security measures, such as blocking IP addresses that have too many failed logins, makes them a significant threat.

It’s also why adopting a multi-layer approach has become a necessity when it comes to ensuring software security and keeping critical data safe. For example, you can invest in DAST security tools, that is, tools that run your applications on a web server with the purpose of locating any vulnerabilities while the application is running. The availability of massive databases of breached credentials is another exposure you should consider.

How do credential stuffing cyberattacks work?

Credential stuffing follows a pattern very similar to a brute force attack, but there are several key differences as well.

While the latter is likely to succeed when users choose easy-to-guess passwords, the former is much more sophisticated since it takes advantage of users sharing passwords – even when they’re strong – across services, which leads to a compromise.

To carry out large-scale credential stuffing attacks, the malicious hacker uses a bot that can fake different IP addresses and attempt to enter multiple user accounts automatically and in parallel.

They follow this up by executing an automated process to check whether the compromised user credentials work on multiple websites in parallel. This, in turn, allows them to eliminate the need to log into a single device several times.

For every successful login, the cybercriminal can get access to personal information, credit card information and other useful data from the hacked accounts. Additionally, they can either keep the personal information to use it in the future (commonly to launch more elaborate phishing attacks) or carry out other unauthorized activities through the compromised device.

The most effective way to curb the efforts of bad actors is to adopt a precautionary approach. Online platforms that require a password should carry out routine security checks to identify and patch vulnerabilities, as in the case of Zoom.

Warning signs to detect credential stuffing attacks

Credential stuffing is regarded as “the biggest collection of breaches,” where cybercriminals compile hundreds of millions of stolen records and share them for free on hacker forums.

This is precisely why you should be aware of the warning signs as soon as possible. Some of these include the following:

  • Track notable site traffic changes, especially multiple login attempts on multiple accounts within a limited time frame.
  • Find out if there has been a significant increase in site traffic and take note of any recorded downtime caused by it.
  • Carefully analyze use cases when you see a higher than usual login failure rate.
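The first and third warning signs can be checked directly against an authentication log. The following is an added example, not code from the original article: it assumes a log format of `timestamp ip username OK|FAIL`, uses constructed sample data, and its thresholds are illustrative. It shows why a per-IP failed-login limit sees nothing when each attempt comes from a different address, while a sliding window over all logins does.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

def parse(line):
    """Parse 'ISO-timestamp ip username OK|FAIL' (log format is an assumption)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def per_ip_offenders(events, max_failures=5):
    """Naive control: IPs with more than max_failures failed logins."""
    fails = Counter(ip for _, ip, _, ok in events if not ok)
    return {ip for ip, n in fails.items() if n > max_failures}

def stuffing_alerts(events, window=timedelta(seconds=60),
                    min_accounts=20, min_fail_ratio=0.8):
    """Sliding window over ALL logins, ignoring source IP: alert when many
    distinct accounts fail and the overall failure ratio is high."""
    win, alerts = deque(), []
    for ev in sorted(events, key=lambda e: e[0]):
        win.append(ev)
        while ev[0] - win[0][0] > window:
            win.popleft()
        failed_users = {u for _, _, u, ok in win if not ok}
        ratio = sum(1 for e in win if not e[3]) / len(win)
        if len(failed_users) >= min_accounts and ratio >= min_fail_ratio:
            alerts.append((ev[0], len(failed_users), round(ratio, 2)))
    return alerts

def sample_log():
    """Constructed data: 3 normal logins, then 40 attempts on 40 accounts
    from 40 different IPs inside 40 seconds, one of which succeeds."""
    t0 = datetime(2020, 11, 1, 12, 0, 0)
    lines = [f"{(t0 + timedelta(minutes=m)).isoformat()} 198.51.100.{m+1} staff{m} OK"
             for m in range(3)]
    burst = t0 + timedelta(minutes=10)
    for i in range(40):
        result = "OK" if i == 17 else "FAIL"
        lines.append(f"{(burst + timedelta(seconds=i)).isoformat()} "
                     f"203.0.113.{i+1} user{i} {result}")
    return lines

if __name__ == "__main__":
    events = [parse(l) for l in sample_log()]
    print("per-IP lockout would block:", per_ip_offenders(events))
    for when, accounts, ratio in stuffing_alerts(events)[:1]:
        print(f"ALERT {when}: {accounts} accounts failing, failure ratio {ratio}")
```

The single successful login inside the burst is the account to review first, since it is the one where a reused password worked.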

We would also recommend using bot screening to stop the armies of bots sent by malicious hackers. You see, while the above warning signs are a good place to start, they aren’t 100% foolproof. However, when you have a sophisticated screening technology that can easily detect malware on new devices, your chances of preventing cyberattacks grow.

Best practices to prevent credential stuffing attacks

The good news in all this chaos is that you can prevent credential stuffing attacks – provided you’re aware of the red flags.

Here are a few handy ways to keep your business and customer data fully secure:

Set a strong password

Luckily, people are more open than before to practice good cyber hygiene such as using a VPN to continue secure and anonymous browsing or avoiding spam emails. Despite this, their user password habits still need a lot of improvement.

Start by setting strict password complexity rules for all your password input fields. Using a password manager is vital, as it’s going to sync across all of the devices you have. Choose a strong password that will allow you to access the password manager. Ask your users then to incorporate special characters and numbers. Also, go for longer lengths.

Moreover, if any user’s passwords resemble those found in a data breach, you can ask them to create new passwords to avoid any problems in the future. You can also include useful tips on building stronger passwords in the emails you send them.

Set up multi-factor authentication

Multi-factor authentication, also known as two-factor authentication, should be enabled on every account, so you should take the necessary initiative to make this function available to users. Doing this will add another layer of security, making it more difficult for cybercriminals to penetrate the system.

Embed security into website design via CAPTCHA

CAPTCHA is an excellent way to differentiate your real users from bots, which is why it can provide the best defense against credential stuffing attacks.

That said, we also have to point out that solving CAPTCHAs can be automated, too. Many businesses pay people to solve CAPTCHA by clicking on those traffic light pictures.

To avoid falling prey to automated CAPTCHA solving, you can use reCAPTCHA instead. This is available in three versions:

  • An “invisible” box, which is displayed only for suspicious users.
  • An “I’m not a robot” checkbox.
  • A “V3” version that can evaluate users on the basis of their behavior and reputation.

Set up a passwordless login, if possible

Once malicious hackers successfully break through your system, they can deny access to your customers, restricting them from using their own resources. Since the entire basis of credential stuffing lies in obtaining information through password vulnerabilities, why not remove them altogether?

You can use passwordless authentication, which is a much safer way to authenticate users, to ensure more confined access into their accounts.

Implement risk-based authentication (RBA)

RBA calculates a risk report according to a predefined set of rules, which can be related to anything – a login device, user identity details, geo velocity or geolocation, IP reputation, data sensitivity, personal characteristics and so on.

This type of authentication can be useful to curb high-risk scenarios by allowing your customers to use customizable password security.
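A rule set of the kind described above can be sketched as follows. This is an added example, not code from the original article or from any RBA product: the `Login` fields, the rule weights, the 900 km/h travel limit and the decision thresholds are all assumptions chosen for illustration, and the IP-reputation flag stands in for a real lookup.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

@dataclass
class Login:
    user: str
    when: datetime
    lat: float
    lon: float
    device_id: str
    ip_on_denylist: bool = False   # stands in for an IP-reputation lookup

def km_between(a, b):
    """Great-circle (haversine) distance between two logins, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = (sin(dlat / 2) ** 2
         + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2)
    return 2 * 6371 * asin(sqrt(h))

def risk_score(current, previous, known_devices):
    """Sum the weights of every rule that fires (weights are illustrative)."""
    score, reasons = 0, []
    if current.device_id not in known_devices:
        score += 30
        reasons.append("new device")
    if current.ip_on_denylist:
        score += 40
        reasons.append("bad IP reputation")
    if previous is not None:
        hours = max((current.when - previous.when).total_seconds() / 3600, 1e-6)
        if km_between(previous, current) / hours > 900:  # geo velocity rule
            score += 50
            reasons.append("impossible travel")
    return score, reasons

def decide(score):
    """Map the score to an action: allow, ask for a second factor, or block."""
    if score >= 80:
        return "deny"
    return "step-up-mfa" if score >= 30 else "allow"

if __name__ == "__main__":
    # Constructed logins: New York at 12:00, then Singapore one hour later.
    ny = Login("alice", datetime(2020, 11, 1, 12, 0), 40.71, -74.01, "laptop-1")
    sg = Login("alice", datetime(2020, 11, 1, 13, 0), 1.35, 103.82, "unknown-7")
    score, reasons = risk_score(sg, ny, known_devices={"laptop-1"})
    print(score, reasons, decide(score))
```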

Wrapping up: Prevention is always better

Cybercriminals are always coming up with creative ways to compromise your data and use them for their personal benefit – whether it’s disguising a malware attack as updates on President Trump’s coronavirus illness or launching new strategies to avoid detection. Credential stuffing is just another variation on the list.

Even if you’ve been secure from the cyber-attack until now, you must take the necessary measures to protect your website by looking for warning signs. Try to avoid using devices that are dependent on residential connectivity and implement required policy updates to raise awareness about this new risk type.


About the Author: Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security with an emphasis on technology trends in cyberwarfare, cyberdefense, and cryptography.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post “SEC’s Office of Compliance Inspection and Examinations Warns of a Sudden Increase in Credential Stuffing Hack” appeared first on TripWire

Source:TripWire – Tripwire Guest Authors

Copyright © 2020 All rights reserved | NGTEdu.com