SBN

Introducing Credential Stuffing Awareness Week

Arkose Labs is kicking off the first annual week devoted to bringing awareness to the significant problem of credential stuffing. These attacks severely harm consumers, drain business revenue and erode trust on digital platforms. To create a truly safe internet for all, the bane of credential stuffing must be stopped. 

Credential stuffing is a plague on the entire digital economy. In the first half of 2021, our network detected and stopped 285 million credential stuffing attacks–29% of all total fraud attacks–with spikes upwards of 80 million in a single week. Making matters even worse, these attacks affect the bottom line, with 46% of businesses reporting that these attacks have led to decreased revenue. One estimate pegs the annual average cost of credential stuffing to businesses at $6 million. 

In an effort to increase awareness about this increasingly damaging threat that continues to impact businesses around the globe, I am pleased to announce that Arkose Labs today has kicked off the inaugural Credential Stuffing Week, in order to shed light on how this issue is affecting businesses and consumers alike. 

What is Credential Stuffing?

Simply put, credential stuffing — also known as password spraying — is an attack whereby bots are deployed to constantly try different username/password combinations at scale to compromise legitimate user accounts until a match is found. Due to years of hacks and data breaches exposing this information, fraudsters have a wealth of raw material to draw upon when launching these attacks. Since they use automation to test credentials at a massive scale at little cost to themselves, they only need a small number of these combinations to be correct in order for their attacks to be profitable.

Credential stuffing is a prime driver of account takeover attacks. Once accounts are compromised, fraudsters have numerous ways to monetize them, such as by stealing money directly from the account (if it is associated with a financial or payment account), re-selling the comprised credentials on black market forums, using the account to launder stolen money, reselling access to a streaming service to multiple people, using a social media account to spread disinformation or propaganda, and much, much more.

During Credential Stuffing Week and beyond, Arkose Labs is engaging with customers, partners, and journalists to ensure that stopping credential stuffing is part of a company’s ongoing fraud strategy. It’s an issue that I personally and the company as a whole am passionate about. 

Long Term Deterrence Against Credential Stuffing

Fraudsters are an innovative and persistent bunch, despite the criminal nature of their work. They constantly change their tactics, upgrade their tools and adapt to overcome new defenses that businesses out up. This is akin to playing whack a mole and leads to mere mitigation,  rather than fraud prevention.

Instead, businesses need long-term deterrence against credential stuffing. That’s why Arkose Labs follows the approach of making the attacks financially unsustainable such that it deters the attackers from entirely targeting your business. By increasing the cost of making the attack for the fraudster, Arkose Labs drastically erodes the potential return of their attack, causing attackers to give up and look for the next, easier target.

Arkose Labs Credential Stuffing Warranty

We believe that digital businesses need a true partner in helping to navigate the complex cybercrime ecosystem. This is why I am so proud that Arkose Labs backs its Fraud and Abuse Prevention Platform with the industry’s first warranty against credential stuffing attacks. The warranty offers a commercial guarantee against credential stuffing attacks, covering customers up to $1 million in response expenses including legal consultation, forensic services, notification expenses, identity theft, and credit monitoring. 

We look forward to bringing you engaging content and interacting with the media, clients, and prospects all this week on this important issue. 

*** This is a Security Bloggers Network syndicated blog from Arkose Labs authored by Kevin Gosschalk. Read the original post at: https://www.arkoselabs.com/blog/introducing-credential-stuffing-awareness-week/

Avatar photo

Kevin Gosschalk

Kevin Gosschalk is the CEO and Founder of Arkose Labs, where he leads a team of people focused on telling computers and humans apart on the Internet. He gained early recognition for his work with the Institute of Health and Biomedical Innovation (QUT) as part of the LANDMark (Longitudinal Assessment of Novel Ophthalmic Diabetic Markers) study, where he developed an innovative mapping technique to detect early signs of diabetes using non- invasive methods. Before Arkose Labs, Kevin worked on gaming hardware for the intellectually disabled at the Endeavour Foundation and built a unique device incorporating Microsoft’s Kinect Camera technology. Noted for his involvement in interactive development and machine vision, Kevin then turned his expertise to automated abuse and human verification — often regarded as the Internet’s impossible problem. Today, Arkose Labs has transformed the irritating chore of comprehension into an SLA-guaranteed technology that prevents automated abuse for brands like Electronic Arts, Singapore Airlines, and Roblox.

kevin-gosschalk has 25 posts and counting.See all posts by kevin-gosschalk