As per Arkose Labs' research, there were over two billion credential stuffing attacks (2,831,028,247) in the last 12 months, with the number increasing exponentially between October 2020 to September 2021.
This form of online fraud has increased by 98 percent over the previous year, and it is projected to spike during the Christmas shopping season.
Credential stuffing attacks in 2021 accounted for 5% of all web traffic in the first half of 2021.
Credential stuffing is the most recent cyber-attack technique used by online criminals to obtain unauthorized access to users' financial and personal accounts.
Cybercriminals take control of real user accounts and monetize them in a variety of ways. These include draining money from compromised accounts, collecting and reselling personal information, selling databases of the known verified username and password combinations, and exploiting compromised accounts to launder money obtained from other illegal sources.
People who reuse the same username/password combination across various sites are frequently targeted by cybercriminals.
The anti-fraud community has highlighted credential stuffing as an increasing problem in recent years. However, due to the jump in internet activity in the pandemic and the growth of online purchasing, it has risen in recent months.
Credential stuffing increased 56 percent during the Christmas and New Year shopping season last year, according to research analysts, with forecasts that the same period in 2021 will witness up to eight million attacks on consumers every day.
The Arkose Labs network detected and blocked 285 million credential stuffing assaults in the first half of 2021, with spikes of up to 80 million in a single week. In just one week, one intensively targeted social media organization experienced 1.5 million credential stuffing attacks.
Kevin Gosschalk, CEO at Arkose Labs stated, “The global e-commerce landscape is more connected than ever before and personal information has become the currency of fraudsters. Credential stuffing is prolific. It’s become an enormous concern to online businesses and is fast overtaking other well-known attack tactics, such as ransomware, as THE cyber attack to watch out for.”
“Fraudsters are compelled to this type of cybercrime as the low barrier to entry makes it easy to deploy and online criminals can generate profits with just one successful compromised account. Their volumetric approach can come on abruptly, quickly overloading businesses’ servers and putting customers at risk.”
Other key information
According to the research team's newest findings,
- The top attacked industries by sector include gaming, digital and social media, and financial services.
- Credential stuffing assaults accounted for over half of all attacks aimed at the gaming industry.
- The United Kingdom was also named as one of the top three regions that carried out the most credential stuffing attacks against the rest of the world.
- Alongside, Asia and North America, both demonstrated massive amounts of fraudulent activity emanating from their respective regions.
- During the first half of 2021, mobile-based attacks accounted for approximately one-quarter of all attacks.