What to Expect From Cyber Criminals This Holiday Season
First, we’ll look at credential stuffing, which is designed to compromise customers’ accounts. If someone uses the same user name and password (i.e., credentials) for multiple online accounts, then when one account is compromised, cyber criminals can use those credentials to gain access to all their other accounts. To make this scale, criminals have started using botnets to try multiple sets of compromised credentials against targeted company login pages. In Akamai’s 2019 State of the Internet / Security: Retail Attacks and API Traffic report, it saw that hackers directed credential abuse attempts at retail sites more than 10 billion times from May 2018 to December 2018, making retail the most targeted industry for these kinds of attacks.
Now let’s look at what you can do to defend against these attacks. For credential stuffing, the key is to detect the behavior of the bot making the attempts to access accounts. The bots can then be blocked, and the team can investigate to determine if the account was compromised, and take actions to protect the customer if needed. Typically, companies deploy a web application firewall (WAF) to defend against this kind of attack. As many of the bots have gotten more sophisticated and try to emulate a person, it's important to determine what the capabilities of your protections are against the latest threats.
- use of server direct data layer;
- handling indirect requests;
- sandboxing/iframe isolation;
- sub-resource integrity;
- marketing technology security.
The issue with many of these is they're manually intensive and don’t provide for situational awareness. Consider looking for a solution that's based on heuristic or behavior-based alerting and response.
Finally, as we look to the holiday season, be sure to exercise your incident response/crisis management processes and make sure everyone understands how being in a change freeze impacts them.
Steve Winterfeld is the senior director of security strategy at Akamai Technologies, a globally distributed intelligent edge platform.
Related story: Cyber Week Security Tips to Protect Against Hackers
Steve Winterfeld is the Senior Director of Security Strategy at Akamai Technologies, a globally distributed intelligent edge platform.
Before joining Akamai, he spent over 10 years building security programs to protect companies and their customers as Director of Incident Response and Threat Intelligence at Charles Schwab, Director of Cybersecurity for Nordstrom and CISO for Nordstrom bank and supporting national defense efforts at Northrop Grumman/TASC. Now he is focused on being the voice of the customer for Akamai’s security vision and helping CISOs solve their most pressing issues.