Arkose Records High Volume of Credential Stuffing Attacks

The number of credential stuffing attacks has skyrocketed as digital traffic has increased during the COVID-19 pandemic. The latest findings come courtesy of Arkose Labs, which claims to have stopped 770 million credential stuffing attacks in the third quarter of 2020 alone.

The total number of bot attacks was even higher, coming in at a record 1.3 billion for the quarter. The majority (64 percent) of those attacks targeted the login process, while 85 percent originated from a desktop computer and 49 percent came from somewhere in Europe.

Arkose disclosed those figures in its Q4 Fraud and Abuse Report. The findings are based on actual user activity between July and September, all of which was analyzed in real-time with Arkose’s Fraud and Abuse Prevention Platform. The company noted that the report does not include bot attacks that were not sophisticated enough to generate a user session, so the total number of bots in circulation could be higher than the one reported.

In that regard, Arkose is the latest company to suggest that fraudsters have been trying to take advantage of the increased volume of digital traffic. According to Arkose, many e-commerce companies are now processing Black Friday levels of traffic on a daily basis, which can make it difficult to distinguish fraudsters from legitimate customers for retailers with less sophisticated fraud prevention infrastructure.

Arkose attributed the high volume of credential stuffing attacks to the prevalence of automated tools that can carry out fraudulent attacks at scale, and to the ready availability of personal information and credentials in the wake of numerous high-profile data breaches.

“Fraudsters are continually devising new and more sophisticated ways of carrying out their attacks,” said Akrose Marketing and Strategy VP Vanita Pandey. “The high fraud levels that accompany high traffic volumes are likely here to stay, even after the pandemic ends. It’s crucial that businesses are aware of the top attack trends so that they can be more vigilant.”

While fraudsters displayed a preference for sweatshop attacks in 2019, they have reverted to automated attacks in 2020, a trend that likely reflects the digital COVID environment. Arkose nevertheless detected 10 million sweatshop attacks from Russia and 7 million from the UK in the third quarter of the year.

Sponsored Links

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

FACEPHI is a global leader in Facial Recognition technology and in Mobile Biometrics technologies. With a strong concentration in the financial sector, FacePhi’s product is rapidly becoming a service used by banks all over the world. Its implementation doesn’t just save money, it is also a way to attract clients and build loyalty, while increasing the security of transactions for both the customer and the business. To learn more about FacePhi, visit https://www.facephi.com/en/

Related News & Articles

Footer

Follow Us