Akamai State of the Internet Security Report: Retailers Most Common Credential Stuffing Attack Victim; Points to Dramatic Rise in API Traffic as Key Trend
Cambridge, MA | February 27, 2019
According to the Akamai 2019 State of the Internet / Security: Retail Attacks and API Traffic report, hackers directed credential abuse attempts at retail sites more than 10 billion times from May to December last year, making retail the most targeted segment studied. The report also spotlights two other pressing security concerns, the preponderance of API-call traffic on the web and the apparent misrepresentation of IPv6-based traffic.
The Company studied the credential abuse technique known as credential stuffing, where hackers systematically use botnets to try stolen login information across the web. They target login pages for banks and retailers on the premise that many customers use the same login credentials for multiple services and accounts. Interest in retail is driven by the value of merchandise, which hackers acquire through compromised accounts and then frequently resell.
According to the report, the insidious AIO bots that hackers deploy are multi-function tools that enable quick purchases by leveraging credential stuffing and a number of evasion techniques. A single AIO bot can target more than 120 retailers at once.
Media & entertainment properties are notable credential abuse victims as well, according to the report. Their value is in the personal information those sites maintain. End users share credit card information and demographic data when they sign up for over-the-top (OTT) online streaming services, for example. This type of data has high value on the black market. Akamai also noted significant numbers of credential abuse attacks against financial services, hotel and travel, and consumer goods sites.
The techniques change, but the motivation remains the same: greed, said Martin McKeay, Security Researcher and Editorial Director of the State of the Internet / Security report. Retailers remain on the front lines, because stolen merchandise sells quickly and at a premium. And for that reason, the data shows which merchandise is of the highest value: Apparel sites are targeted the most.
Within the retail industry outside of the apparel vertical, Akamai tracked credential stuffing attempts against direct commerce, department stores, office supply stores, and fashion, such as jewelry and watches.
API Traffic Prevalence and Potential IPv6 Underreporting Point to Security Concerns API calls represent 83 percent of web traffic, according to an October 2018 Akamai traffic review detailed in the report. The majority of API traffic is for custom applications, which is the result of digital transformations and cloud-based application deployment. For security teams, growth in API volume is important when considering risk, because some security tools are not equipped to manage API traffic.
The state of web applications is fluid, and many API calls are application or company-specific and require a different security approach than HTML traffic, which is seemingly static, McKeay explained.
Meanwhile, DNS traffic analysis outlined in the report notes that IPv6 traffic might be underreported, since many systems capable of IPv6 usage still prefer IPv4. This could indicate device misconfiguration or improper monitoring and network blind spots, a security concern. Since IPv6 is still believed to be a minority of web traffic, it is not a major selling point for a number of security tools.
A complimentary copy of the 2019 State of the Internet / Security: Retail Attacks and API Traffic report is available for download here. For additional information about credential abuse-specifically credential stuffing-and advice for organizations facing these types of attacks, visit here. For information about other Akamai solutions, including for DNS security, visit here.
Methodology The Akamai 2019 State of the Internet / Security: Retail Attacks and API Traffic report combines attack data from across Akamai's global infrastructure and represents the research of a diverse set of teams throughout the company. The report provides analysis of the current cloud security and threat landscape, as well as insight into attack trends using data gathered from the Akamai Intelligent Platform. The contributors to the State of the Internet / Security Report include security professionals from across Akamai, including the Security Intelligence Response Team (SIRT), the Threat Research Unit, Information Security, and the Custom Analytics group.
About Akamai Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter.
###
Most recent headlines
04/08/2024
Dalet, a leading technology and service provider for media-rich organizations, is excited to announce Santiago Solanas as its new Chief Executive Officer (CEO)....
03/06/2024
Dalet, a leading technology and service provider for media-rich organizations, a...
06/05/2024
By Ilyse McKimmie
Now, more than ever
That's a phrase so often used in the last few years that I've come to dread seeing it in notes like this one. A...
06/05/2024
alt= class=wp-image-12099 data-lazy-src=/wp-content/uploads/2024/05/Blog-Exabyte-Storage-Demand-960x540-1.jpg/> Demand for storage solutions has reached unprece...
06/05/2024
Around the world, Asian and Pacific Islander (API) artists continue to impact mu...
06/05/2024
Spotify is making it easier for booklovers to count down the days, hours, minutes, and seconds until a new audiobook releases. With Countdown Pages for audioboo...
06/05/2024
Get Ready to join Dan Hong as he hits the streets in his ultimate culinary journ...
06/05/2024
In this video, cinematographer Simon Rowling welcomes viewers behind the scenes as he lights a daytime-interior scene inside a coffee shop. Shooting on Panavisi...
06/05/2024
L3Harris is well positioned to support the complex and multifaceted nature of special operations forces in all domains through our agile and responsive technolo...
06/05/2024
OAKVILLE, Ontario As part of Emergency Preparedness Week, Alert Ready, Canadas national public alerting system, will be distributing a test alert to Canadians i...
06/05/2024
NEW ROCHELLE, N.Y. Horowitz Research has released a new study on the viewing and media habits of U.S. Hispanic/Latine audiences that shows a dramatic decline in...
06/05/2024
RE:Vision Effects Autograph 2024.4 released! 50% Off Through May 9th
Brie Clayton May 6, 2024
0 Comments
New game-changing motion graphics & VFX featu...
06/05/2024
NBC has renewed Night Court for a third season. The courtroom comedy was on the network from 1984 to 1992, and NBC rebooted it in early 2023....
06/05/2024
ABC has revealed its summer schedule. The Bachelorette gets going Monday, July 8, with Jenn Tran the star in season 21. Celebrity Family Feud starts up Tuesday,...
06/05/2024
It's almost go-time for the Holly Springs Salamanders! The season opener is ...
06/05/2024
For years, radio stations have used on-premises servers to broadcast content and manage automation, traffic, and billing systems. As technology continues to adv...
06/05/2024
06 May 2024
AI and Big Data Take the Centre Stage in Central Asia at Beetech 20...
06/05/2024
FIRST LOOK AT JIM PARSONS & MAYIM BIALIK REPRISING THEIR ROLES FROM THE BIG BAN...
06/05/2024
NBC Sports and Churchill Downs Extend Historic Partnership, Kentucky Derby to Be...
06/05/2024
Beverly Hills Aerials, LIV Golf Make Australian-Broadcast History by Flying Live...
06/05/2024
Back to All News
Watch the Trailer for A Part of You - Felicia Maxime, Edvin Ry...
06/05/2024
Leadership in 12G-SDI for low impact migration to 4k production...
06/05/2024
Press release - 6 May 2024 07:31
STATEMENT CONCERNING EUTELSAT GROUP'S GROUND NETWORK Facebook
LinkedIn
Twitter
Download as PDF
Paris, 06 May 2024 ...
06/05/2024
Tyngsboro, Mass. - May 6, 2024 - Join us at InfoComm 2024 to experience the latest advancements in live production technology. From June 12-14, 2024, at the Las...
06/05/2024
To champion global movements to protect and advance equality for LGBTQ+ communities, Apple is introducing a new Apple Watch Pride Edition Braided Solo Loop, ava...
06/05/2024
Actress Matseliso Mohale has joined Muvhango'Talented actress Matseliso Mohale has joined SABC2's soapie Muvhango' as Vhangani's lover and a c...
06/05/2024
Tonight on Smoke and Mirrors: Leroy refuses to give up fighting to bury MthethoDon't miss Monday, 6 May's riveting episode of South African soapie Smoke...
06/05/2024
Intrinsic, a software and AI robotics company at Alphabet, has integrated NVIDIA AI and Isaac platform technologies to advance the complex field of autonomous r...
06/05/2024
Cybersecurity experts at the RSA Conference this week will be on the hunt for ways to secure their operations in the era of generative AI.
They'll find man...
06/05/2024
1) What is the rationale of the transaction? What is the benefit for SES shareholders?
This combination creates a stronger and more competitive multi-orbit ope...
05/05/2024
A special evening performance by multiplatinum singer Becky G will provide a memorable conclusion to TeievisaUnivision's Casa Cultura upfront event on May 1...
05/05/2024
Giant media buyer Publicis is telling network sales executives that it does not think Nielsen's new panel-plus-big-data currency is ready for this upfront....
05/05/2024
WASHINGTON Glenn Kirschner, legal analyst at NBC News, blasted the media for referring to the New York trial of former President Donald Trump as a hush-money ...
05/05/2024
Catchy Comedy's weekend marathon sees The Beverly Hillbillies on the weekend of May 4-5. The event kicks off Saturday, May 4 at 11 a.m. ET, and runs through...
05/05/2024
NBC Sports has the 150th Kentucky Derby Saturday, May 4. The coverage begins at 2:30 p.m. ET on NBC and Peacock and the feature race at Churchill Downs in Louis...
05/05/2024
Back to All News
Netflix Announces New Comedy Series Roosters, Starring Jeroen ...
05/05/2024
Back to All News
Showdown Alert: Baki Hanma VS Kengan Ashura' Drops Electr...
04/05/2024
NEW YORK As the Asian Pacific American Heritage Month kicks off in May, Nielsen has released an extensive new report diving into their media habits with data sh...
04/05/2024
PHILADELPHIA As National Military Appreciation Month gets underway, Comcast has announced several new initiatives to help veterans, service members, and their f...
04/05/2024
WASHINGTON, D.C. Federal Communications Commission chairwoman Jessica Rosenworcel has announced a tentative agenda for the May Open Commission Meeting scheduled...
04/05/2024
The Broadband Forum has announced major enhancements to key 5G convergence standards that the group said will help advance next-generation applications, improve...
04/05/2024
Spotify Wrapped Campaign Spot Graded With DaVinci Resolve Studio
Brie Clayton May 3, 2024
0 Comments
Blackmagic Design today announced that Colorist M...
04/05/2024
Three Boston Conservatory at Berklee Alums Nominated for Tony Awards An additional eight alums and two current students performed in nominated productions.
...
04/05/2024
New faces and new storylines': What to expect on Izingane ZeS'thembu�...
03/05/2024
An innovative learning tool to help media and civil society better understand ho...
03/05/2024
PARK CITY, UTAH - JANUARY 21: (L-R) Actors K stutis Cic nas and Greta Grinevi i t , Director Marija Kavtaradze and Producer Marija Razgute attend the 2023 Sunda...
03/05/2024
If you aren't familiar with Danny Ocean's music, it's only a matter ...
03/05/2024
Spotify has an unwavering commitment to supporting emerging artists across all genres, to helping them launch and thrive in their careers, and to connecting the...
03/05/2024
Como uno de los sonidos de mayor expansi n en el mundo, la M sica Mexicana va m ...
Akamai State of the Internet Security Report: Retailers Most Common Credential Stuffing Attack Victim; Points to Dramatic Rise in API Traffic as Key Trend 
