How Credential Stuffing Is Evolving

Cred stuffing isn't going away. Shape's Jarrod Overson writes for InformationSecurityBuzz, examining the ROI of cred stuffing for attackers, and the evolution to "imitation attacks".
July 15, 2020

Credential stuffing sounds simple: attackers test stolen usernames and passwords across sites to see what works. After the hype and complexity of vulnerabilities like Heartbleed and Spectre, password reuse seems easy to dismiss. That has made credential stuffing the most underrated attack of the 2010s, and it hints at the future of application-level attacks.

This class of attacks remained largely unchanged for years. There was no reason to change: the attacks weren’t blocked. As adversity increased, attackers started to iterate faster, and they now bypass defenses in a matter of months or even weeks. Dozens of companies, large and small, have tried to block credential stuffing attacks. Not a single, widely deployable defense – nothing – has seen lasting success without needing to evolve at the same speed.

Attackers aren’t leaving; the return on investment is just too high.

Read the full article, published June 17, 2020 by InformationSecurityBuzz.

Authors & Contributors
Jarrod Overson (Author)
Director of Engineering
