The number of credential stuffing attacks has skyrocketed as digital traffic has increased during the COVID-19 pandemic. The latest findings come courtesy of Arkose Labs, which claims to have stopped 770 million credential stuffing attacks in the third quarter of 2020 alone.
The total number of bot attacks was even higher, coming in at a record 1.3 billion for the quarter. The majority (64 percent) of those attacks targeted the login process, while 85 percent originated from a desktop computer and 49 percent came from somewhere in Europe.
Arkose disclosed those figures in its Q4 Fraud and Abuse Report. The findings are based on actual user activity between July and September, all of which was analyzed in real-time with Arkose’s Fraud and Abuse Prevention Platform. The company noted that the report does not include bot attacks that were not sophisticated enough to generate a user session, so the total number of bots in circulation could be higher than the one reported.
In that regard, Arkose is the latest company to suggest that fraudsters have been trying to take advantage of the increased volume of digital traffic. According to Arkose, many e-commerce companies are now processing Black Friday levels of traffic on a daily basis, which can make it difficult to distinguish fraudsters from legitimate customers for retailers with less sophisticated fraud prevention infrastructure.
Arkose attributed the high volume of credential stuffing attacks to the prevalence of automated tools that can carry out fraudulent attacks at scale, and to the ready availability of personal information and credentials in the wake of numerous high-profile data breaches.
“Fraudsters are continually devising new and more sophisticated ways of carrying out their attacks,” said Akrose Marketing and Strategy VP Vanita Pandey. “The high fraud levels that accompany high traffic volumes are likely here to stay, even after the pandemic ends. It’s crucial that businesses are aware of the top attack trends so that they can be more vigilant.”
While fraudsters displayed a preference for sweatshop attacks in 2019, they have reverted to automated attacks in 2020, a trend that likely reflects the digital COVID environment. Arkose nevertheless detected 10 million sweatshop attacks from Russia and 7 million from the UK in the third quarter of the year.