Tag: credential stuffing
Levi’s breach exposes 72k customer details
Over 72,000 US consumers may have had their account details compromised following a cyber-attack on denim clothing giant Levi Strauss & Co. Almost two weeks ago, on June 13, Levi’s spotted an unusual spike in activity on its consumer-facing website and immediately realized its users were under threat. “Our investigation showed characteristics associated with a “credential stuffing” attack where bad actor(s) who have obtained compromised account credentials from another source (such as a third-party data breach) then use a bot attack to test these credentials against another website – in this case www.levis.com,” said Levi’s in a published notice detailing the data breach.
AI-engineered email attacks are on the rise
Email scams aimed at business users are becoming increasingly sophisticated and increasingly tough to detect. Threat actors are now using artificial intelligence to research their targets in advance of an attack, a process known as ‘social engineering.’ Phishing attacks and email scams that appear to come from a trusted source make up 35.5% of all socially engineered threats, according to a report from cybersecurity firm Barracuda: Top Email Threats and Trends. Although these types of attacks have been around for some time, cybercriminals have recently devised ingenious new methods to avoid detection and being blocked by email-scanning technologies.
‘Brute force’ cyber-attacks continue to escalate
Cybersecurity firm Okta reports a spike in ‘brute-force’ credential-stuffing attacks over the last month. This follows earlier reports of a spike in ‘brute force’ credential-stuffing attacks reported last week. Increasingly sophisticated ‘brute force’ attacks use trial and error techniques to crack passwords, login credentials, and encryption keys. New life is now also being breathed into what is essentially an old hacking technique, with widely available software using artificial intelligence (AI) that can carry out large numbers of attempts automatically.
167% Rise in Malicious Bot Attacks Reported – November 23rd
Arkose Labs reported a 167% rise in malicious bot attacks for the first half of 2023. The Arkose Labs report focused on bots also stated that 73% of all website and app traffic measured comprised of malicious bots in order to initiate attack types such as SMS toll fraud, web scraping, card testing, and credential stuffing.
Beware of Death by a Billion Bots
US corporations lose an average of 4.3 percent of their online revenues to malicious ‘bots,’ malware designed to resemble human communications. Malware attacks of this nature accounts for an average annual loss of $86.5 million a year for corporations with average annual online revenues of $1.9 billion, according to a new report from cybersecurity firm Netacea, “Death by a Billion Bots: The Accumulating Business Cost of Malicious Automation”.