As cryptocurrencies continue to grow in diversity, so too do the threats they face, specifically those targeting the cryptocurrency exchange. Now, more than ever, cryptocurrency exchanges are facing security threats in the form of volumetric and application layer DDoS and account takeover (ATO) attacks.
Although the success of cryptocurrency exchanges makes them especially attractive to cybercriminals, recent attacks are taking exchanges by surprise: many have not scaled, or have not built a secure enough environment, to fend off threats.
First things first, what is credential stuffing?
Glad you asked: credential stuffing, or credential abuse, is the deliberate theft and use of stolen usernames and passwords to access sensitive or high-value data for personal gain, espionage, or other malicious intent. When we say theft, these credentials could also have been ‘bought’ following a data breach, because, you know… cybercrime.
Anyway, in the following two – short – clips, Imperva Security Engineer Jonathan Gruber and Enterprise Security Expert Tal Stern demonstrate a successful account takeover attack using the Hydra credential stuffing tool:
And show us how Imperva users can create tailored IncapRules that specifically block future credential stuffing attacks:
If you’d like to see Jonathan and Tal’s full demo, check it out on BrightTALK here.
*** This is a Security Bloggers Network syndicated blog from Blog | Imperva authored by Gerhard Jacobs. Read the original post at: https://www.imperva.com/blog/2018/08/account-takeover-attack-using-credential-stuffing-and-how-to-protect-against/