Using stolen account credentials to attempt to compromise other accounts of the same user is not new but a recent report by Akamai shows this practice is gaining increasing popularity in the criminal underworld.
The company has released its State of the Internet/Security report which shows that while direct denial of service attacks (DDoS) have continued to increase at the projected rate, there has been a considerable increase in the number of users having multiple accounts compromised from stolen credentials, some from breaches more than four years old.
“I have personally been fighting it since 2012, but we are seeing more of it recently,” Akamai security Asia-Pacific and Japan chief technology officer, Mike Smith, said.
Smith said the company had seen data from the 2012 LinkedIn breach being sold in the recent weeks and an increase in account takeover attempts as a result. Interestingly, this is information which was available on torrenting sites for free soon after the breach occurred.
“When somebody has a list like that, provided that the list is shared with a group of criminals or available for free download, we will see a corresponding increase in account takeover activity or tools checking for account reuse."
Smith went on to say the company had witnessed a continuation of the trend in the increase and severity of DDoS attacks over 100gbps, the most crippling form of DDoS attack.
The company dealt with more than 4500 DDoS attacks during the reporting period, a 125 per cent increase compared to the same time period in 2015.
“Attackers have their own economics, the whole idea If you are an attacker is to be as effective as you can with the minimal use of resources and minimal risk to yourself,” Smith said.
He added that in the DDoS space, the network attacks against DDoS targets, gaming companies are by far the most targeted industry for a simple reason.
“Gaming is popular because the latency impact of such attacks is noticeable to the end user,” He explained.
He added that the online retail sector receives the majority of web application attacks because of the way retailers structure workflow through the website.
“You go into the site and you can login, you can browse objects, you can add something to your cart, you can almost go through the checkout without having to login. Because of this these sites have a large attack surface that is exposed and so these sites experience a lot more attacks than a government website for example," he said.
Smith predicted that one of the ‘mega trends’ which would become apparent over the next five years was attacks on local Government websites as Australian State and Federal Governments push more services online.