A new report from Okta has revealed that credential stuffing as a way to breach customer identity and access management (CIAM) services is accelerating, fueled by password reuse coupled with malicious bots and other automated tools.
The State of Secure Identity 2022 report, which is based on self-reported data from customers of Okta’s Auth0 access management platform around the world, found that 34% of all traffic on the Auth0 network consisted of credential stuffing attempts, or nearly 10 billion attempts. In Q1 2022, the Auth0 network saw two of the largest credential stuffing spikes ever recorded on the platform, with over 300 million attempts per day.
The report also found that credential stuffing accounted for 61% of all login events in the United States, peaking at 85% during an attack in March 2022. In that region, credential stuffing far exceeded registration attacks, MFA (multi-factor authentication) bypass attacks, normal traffic and genuine failed logins by real users.
Attacks on CIAM
Attacks that target CIAM services come in many forms, ranging from manual efforts to large-scale campaigns that rely on extensive automation and brute-force tactics. Auth0’s report groups CIAM attacks into three main categories: fraudulent registrations, credential stuffing and MFA bypass. Session hijacking, password spraying and attacks that abuse session IDs exposed through URL rewriting also make up a share of the notable identity attacks observed.
According to the report, fraudulent registrations are a growing threat. Auth0 found that the energy/utilities and financial services industries experience the highest proportion of registration attacks, with fraudulent signups accounting for the majority of registration attempts in both industries.
When it comes to credential stuffing, while most industries saw credential stuffing rates below 10% of login events, the report found that in retail/e-commerce, financial services, entertainment and energy/utilities these attacks accounted for the majority of login attempts.
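The categories above differ in shape on the wire, which is what a defender's detection logic keys on: credential stuffing is horizontal (one source, many distinct usernames, roughly one attempt each, mostly failing but with an occasional success from a reused password), while classic brute force is vertical (one source hammering a single account). The following Python sketch is an added example, not code from Okta, Auth0 or the report; the log format, the sample lines, the 5-minute window and the thresholds are all constructed assumptions. Note that without the attempted passwords, which a well-behaved log never records, a spraying campaign looks the same as stuffing, so the classifier reports the shared horizontal pattern rather than guessing between the two.

```python
"""Classify failed-login bursts per source IP from authentication logs.

Added illustration (not Okta/Auth0 code). Each log line is a constructed
CSV record "<ISO-8601 ts>,<source_ip>,<username>,<success|failure>".
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed sliding-window size
MIN_ATTEMPTS = 5               # assumed minimum burst size worth classifying
HORIZONTAL_RATIO = 0.8         # distinct users / attempts above this => horizontal

# Constructed sample traffic: one stuffing burst, one brute-force burst,
# and one legitimate user who mistyped once.
SAMPLE_LOG = """\
2022-03-14T10:00:00Z,203.0.113.7,alice,failure
2022-03-14T10:00:01Z,203.0.113.7,bob,failure
2022-03-14T10:00:01Z,203.0.113.7,carol,failure
2022-03-14T10:00:02Z,203.0.113.7,dave,success
2022-03-14T10:00:02Z,203.0.113.7,erin,failure
2022-03-14T10:00:03Z,203.0.113.7,frank,failure
2022-03-14T10:05:00Z,198.51.100.9,alice,failure
2022-03-14T10:05:04Z,198.51.100.9,alice,failure
2022-03-14T10:05:09Z,198.51.100.9,alice,failure
2022-03-14T10:05:15Z,198.51.100.9,alice,failure
2022-03-14T10:05:20Z,198.51.100.9,alice,failure
2022-03-14T10:05:26Z,198.51.100.9,alice,failure
2022-03-14T10:20:00Z,192.0.2.44,alice,failure
2022-03-14T10:21:30Z,192.0.2.44,alice,success
"""


def parse_line(line):
    """Split one constructed log record into (timestamp, ip, user, outcome)."""
    ts, ip, user, outcome = line.strip().split(",")
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome


def classify_sources(log_text):
    """Return {source_ip: verdict} where verdict is one of
    'credential stuffing' (horizontal burst), 'brute force' (vertical burst)
    or 'normal'."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, outcome = parse_line(line)
            events[ip].append((ts, user, outcome))

    verdicts = {}
    for ip, evs in events.items():
        evs.sort()
        verdict = "normal"
        for i, (start, _, _) in enumerate(evs):
            # All events from this one forward that fall inside the window.
            window = [e for e in evs[i:] if e[0] - start <= WINDOW]
            if len(window) < MIN_ATTEMPTS:
                continue
            failures = sum(1 for _, _, o in window if o == "failure")
            if failures / len(window) < 0.5:
                continue  # mostly successful traffic is not an attack burst
            users = {u for _, u, _ in window}
            if len(users) >= HORIZONTAL_RATIO * len(window):
                # Many accounts, ~one try each: the stuffing/spraying shape.
                verdict = "credential stuffing"
            elif len(users) == 1:
                # One account, many tries: the brute-force shape.
                verdict = "brute force"
            break
        verdicts[ip] = verdict
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_LOG).items():
        print(f"{ip:15} {verdict}")
```

In production the same logic runs over a stream rather than a string, and the per-IP key is usually widened to an ASN or device fingerprint, since stuffing tools rotate through residential proxies precisely to stay under per-IP thresholds.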
On the Auth0 platform, credential stuffing accounts for 34% of all traffic/authentication events, while registration fraud accounted for approximately 23% of registration attempts in the first 90 days of 2022, compared to 15% in the same period last year.
The report also revealed that the first half of 2022 saw a higher baseline of MFA bypass attacks than any previous year in Auth0’s dataset.
Uber’s recent security breach is an example of this type of attack: an employee accepted a two-factor authentication request pushed by the attacker, after the attacker had obtained the employee’s credentials on the dark web.
As cited in Auth0’s report, the Verizon 2022 Data Breach Investigations Report found that nearly half of data breaches begin with stolen credentials, making account takeover the number one threat to employees and customers alike, while more than 80% of breaches involving attacks against web applications can be attributed to stolen credentials.
Actions CISOs can take to prevent fraudulent access
For customer-facing application and service providers, a security perimeter built on robust and resilient CIAM capabilities is a must, to guard against fraudulent registrations and account takeovers and the serious consequences these abuses cause.
To protect against these types of attacks, Auth0’s report recommends a number of solutions that involve combining multiple security tools that can operate at different layers and form a unified defensive posture. These include implementing MFA, using generic failure messages that do not reveal system details, limiting failed login attempts, and implementing secure session management practices.
Enforcing strong passwords with minimum length, complexity and rotation requirements based on the recommendations of NIST (the National Institute of Standards and Technology), along with monitoring for the use of breached passwords, not shipping products with default credentials and never storing passwords in plain text, are further ways CISOs can protect their organizations against CIAM attacks.
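The two paragraphs above list controls separately; in practice they meet in one login path. The Python sketch below is an added example, not code from Okta, Auth0 or the report, showing how the controls fit together: a breached-password check at registration, salted PBKDF2 hashes instead of plain text, one generic failure message for unknown users, wrong passwords and locked accounts alike (so an attacker cannot enumerate accounts or learn that a lockout tripped), a dummy hash for unknown usernames so the timing does not leak either, and a per-account failed-attempt lockout. The breached-password set, the five-attempt threshold, the 15-minute lockout and the PBKDF2 round count are constructed assumptions.

```python
"""Login flow combining the CIAM controls recommended in the report.

Added illustration (not Okta/Auth0 code). Thresholds, the breached-password
corpus and the PBKDF2 cost are constructed for the example.
"""
import hashlib
import hmac
import os
import secrets
import time

GENERIC_FAILURE = "Invalid username or password."  # same text for every failure cause
BREACHED_MESSAGE = "This password has appeared in a data breach; choose another."
MAX_FAILURES = 5             # assumed lockout threshold
LOCKOUT_SECONDS = 15 * 60    # assumed lockout duration
PBKDF2_ROUNDS = 100_000      # assumption; tune so one hash costs ~100 ms on your hardware

# Constructed stand-in for a breached-password corpus, indexed HIBP-style by the
# first five hex characters of the SHA-1 so a real lookup could send only the prefix.
BREACHED_SHA1 = {}
for _pw in ["password", "123456", "qwerty", "letmein"]:
    _h = hashlib.sha1(_pw.encode()).hexdigest().upper()
    BREACHED_SHA1.setdefault(_h[:5], set()).add(_h[5:])


def is_breached(password):
    """Return True if the password's SHA-1 suffix is listed under its prefix."""
    h = hashlib.sha1(password.encode()).hexdigest().upper()
    return h[5:] in BREACHED_SHA1.get(h[:5], set())


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; never store the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class UserStore:
    def __init__(self):
        self.users = {}  # username -> {"salt", "digest", "failures", "locked_until"}
        # Dummy credential so an unknown username costs the same as a known one.
        self._dummy_salt, _ = hash_password(secrets.token_hex(16))

    def register(self, username, password):
        if len(password) < 8:
            return False, "Password must be at least 8 characters."
        if is_breached(password):
            return False, BREACHED_MESSAGE
        salt, digest = hash_password(password)
        self.users[username] = {"salt": salt, "digest": digest,
                                "failures": 0, "locked_until": 0.0}
        return True, "ok"

    def login(self, username, password, now=None):
        """Returns (success, message); every failure yields GENERIC_FAILURE."""
        now = time.time() if now is None else now
        rec = self.users.get(username)
        if rec is None:
            hash_password(password, self._dummy_salt)  # equalise timing for unknown users
            return False, GENERIC_FAILURE
        if now < rec["locked_until"]:
            return False, GENERIC_FAILURE  # do not reveal that the account is locked
        _, digest = hash_password(password, rec["salt"])
        if hmac.compare_digest(digest, rec["digest"]):
            rec["failures"] = 0
            rec["locked_until"] = 0.0
            return True, "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["locked_until"] = now + LOCKOUT_SECONDS
        return False, GENERIC_FAILURE


if __name__ == "__main__":
    store = UserStore()
    print(store.register("alice", "password"))              # rejected as breached
    print(store.register("alice", "correct horse battery"))  # accepted
    print(store.login("alice", "wrong"))                      # generic failure
    print(store.login("alice", "correct horse battery"))      # success
```

Lockout by account alone is a denial-of-service lever against a known victim, so real deployments usually pair it with per-source rate limiting and risk-based MFA step-up rather than a hard lock; the point here is that none of those branches should change the message or the response time the caller sees.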
In her foreword to the report, Auth0 CISO Jameeka Aaron said that CIAM is a unique segment of the broader identity and access management (IAM) market, because customer-facing applications face a different threat landscape.
“While workforce identity management can scale to relatively higher friction and can often rely on a user base that has undergone security awareness training, CIAM lacks these factors and must rely on more subtle techniques to achieve and maintain a strong security posture,” she wrote.
Copyright © 2022 IDG Communications, Inc.