July 15, 2020

How Credential Stuffing Is Evolving

1 min. read

Credential stuffing sounds simple: attackers test stolen usernames and passwords across sites to see what works. After the hype and complexity of vulnerabilities like Heartbleed and Spectre, password reuse seems easy to dismiss. This has caused credential stuffing to become the most underrated attack of the 2010s and it hints at the future of application level attacks.

This class of attacks remained largely unchanged for years. There was no reason to change, they weren’t blocked. As adversity increased, attackers started to iterate faster, now bypassing defenses in a matter of months or even weeks. Dozens of companies, large and small, have tried to block credential stuffing attacks. Not a single, widely deployable defense – nothing – has seen lasting success without needing to evolve at the same speed.

Attackers aren’t leaving, the return on investment is just too high.

Read the full article published June 17, 2020 here: by InformationSecurityBuzz.

Join the Discussion


Expertly picked stories on threat intelligence

Hundreds of apps will be attacked by the time you read this.

So, we get to work. We obsess over effective attack methods. We monitor the growth of IoT and its evolving threats. We dive deep into the latest crypto-mining campaigns. We analyze banking Trojan targets. We dissect exploits. We hunt for the latest malware. And then our team of experts share it all with you. For more than 20 years, F5 has been leading the app delivery space. With our experience, we are passionate about educating the security community-providing the intel you need to stay informed so your apps can stay safe.


9 hrs

a critical vulnerability—with the potential for remote code execution—is released.