BUSINESS China a major target of hackers looking to steal passwords

BUSINESS

China a major target of hackers looking to steal passwords

chinadaily.com.cn

14:00, May 16, 2019

China has become one of the top seven destinations experiencing incidents of credential stuffing, with the top three being the United States, India, and Canada. (Photo/IC)

China has become one of the top seven destinations experiencing incidents of credential stuffing, with the top three being the United States, India, and Canada, according to a recent report.

Credential stuffing is the attack where nefarious actors tap automated tools to use stolen login information to gain access to user accounts on other online sites, on the assumption that consumers use the same login and password for multiple services.

The report, released by Akamai Technologies, the world's leading provider of content delivery networks, showed that currently enterprises and institutions from the Asia-Pacific suffer from $28.5 million worth of loss resulting from credential stuffing every year.

In 2018, three of the largest credential stuffing attacks were against online video and music streaming services, ranging in size from 133 million to 200 million attempts. The attacks took place shortly after reported data breaches, indicating hackers were likely testing stolen credentials before selling them.

"Hackers are very attracted to the high-profile online streaming services," said Patrick Sullivan, Akamai's director of security technology and strategy.

Stolen credentials can be used for a host of illicit purposes, not the least of which is enabling non-subscribers to view content via pirated streaming accounts. Compromised accounts are also sold, traded or harvested for various types of personal information, and they are often available for purchase in bulk on the Dark Web, according to Akamai researchers.

"Educating subscribers on the importance of using unique username and password combinations is one of the most effective measures businesses can take to mitigate credential abuse. The good news is that organizations are taking the threat seriously and investigating security defenses," Sullivan added.

Unmesh Deshmukh, vice-president of cloud safety at Akamai Asia-Pacific, said that "current network security protection is not only about enterprises' own business, cloud safety should also be considered. Only the protection combination that targets both can withstand the large-scale, high-volume cyber attack on the internet. Chinese enterprises should be aware of that."

Related Stories

Terms of Service & Privacy Policy

We have updated our privacy policy to comply with the latest laws and regulations. The updated policy explains the mechanism of how we collect and treat your personal data. You can learn more about the rights you have by reading our terms of service. Please read them carefully. By clicking AGREE, you indicate that you have read and agreed to our privacy policies

Agree and continue