Credential stuffing attacks which make use of automated trial of stolen username & passwords to gain control over user accounts can cost businesses as much as two million dollars a year.
The Akamai data points out that although there is a change in automated attacks to credential abuse, distributed denial of service (aka DDoS) attacks remain a persistent threat, and the Mirai internet-of-things botnet mainly of compromised web-connected security video cameras is still capable of strong fluries of activity.
While additional reports have claimed that the power of the Mirai botnet is now waning Akamai saw a surge of one million unique IP addresses from the botnet scanning the internet in November 2017.
Akamai’s findings also confirmed that the total number of distributed denial of service (DDoS) attacks in the last quarter of 2017 was up fourteen percent compared with the equivalent period in the year 2016.
“Credential abuse is a fairly new trend in bot-enabled cyber criminal underworld, but botnets are being used across the entire spectrum of cyber abuse, such as distributed denial of service attacks, web app attacks as well as site scanning and scraping,” said a source to CBNN.
The financial industry saw a staggering increase in the number of distributed denial of service attacks during this quarter, experiencing some 290 distributed denial of service attacks against 32 organisations, with application layer distributed denial of service attacks up 102% on the previous quarter.
The Akamai data shows that the United Kingdom is the 3rd most targeted country for web app attacks with eighteen million recorded in the quarter, up from 4th place in the third quarter of last year.
In the fourth quarter of 2017, the USA was the single most targeted nation for web application attacks (320 million), followed by Brazil (approx. 29.6 million).
SQL injection remained the main web attack vector in the quarter, making up fifty percent of all web app attacks, which are generally aimed at stealing data.
The report noted that SQL injection is a fairly well known that has remained in the pole position over time because certain organisations have not made the effort to protect their sites.
Local file inclusion came in second place after SQL injection (SQLi) attacks, with a 31% share of the attacks, down from thirty-eighty percent in the previous quarter. Cross-site scripting came in a distant third with seven percent of the attacks, down from nine percent in the third quarter.
Akamai researchers have also seen hacker activity turning to exploit remote code execution vulnerabilities in enterprise-level programs to make enterprise systems part of the new botnet threat.
For instance, hackers have been exploiting vulnerabilities in the GoAhead embedded HTTP server – which has some 800,000 targets – and the Oracle WebLogic Server.
“In the past few years, we have seen hackers move to more direct methods to achieve that goal, such as ransomware. Crypto mining offers attackers the most direct avenue to monetize efforts by putting funds immediately into their cryptocurrency wallets.” a source told CBNN