Credential Stuffing Botnets

According to a new report from technology company Akamai, there were over 30 billion malicious login attempts between November 2017 and the end of June 2018, with activity spiking towards the end of this period. The UK was found to be the sixth most targeted country for this type of attack.

Botnets will use breached credentials to attempt to logon to another website. Consequently, one of the most effective ways of managing these credential stuffing botnets is the ‘low and slow’ method, which sees attackers attempt to camouflage their attack amongst legitimate traffic whilst limiting the number of attempts made. The more attempts made, the more valid login credentials will be identified. However, the botnets need to be carefully managed to ensure victims do not notice this activity, possibly mistaking them for a DDoS attack due to the high volumes of traffic they generate.

It is worth noting that not every attack tried to be discreet. This could be because of the (lack of) skill of the botnet operator or that it is actually designed to DDoS the victim. For example, one organisation that saw 7 million legitimate logins over six days also saw over 8½ million malicious login ateempts over the same period.

Note: Credential stuffing is the technique of using compromised credentials (i.e. usernames and passwords) to try and access other websites. This technique can be successful when people reuse the same password across a number of different websites.