"Credential Stuffing Reaches 193 Billion Login Attempts Annually"

Akamai's new "State of the Internet" report reveals that the number of credential stuffing attacks reached 193 billion in 2020. The number of login attempts using stolen or reused credentials increased more than 310 percent from 47 billion in 2019. An unspecified amount of the login attempts was attributed to an increase in customers and an improved view of credential stuffing attacks. The increases not only show that attackers are throwing more requests at websites but also an increase in threats. Many businesses have moved a greater portion of their infrastructure to the cloud to enable access to corporate applications and data for remote works, over the past year. Therefore, attackers have focused more on cloud services that are accessible using a username-password combination. They have also been focusing more on Virtual Private Network (VPN) gateways. Akamai also emphasized the leak of millions of new usernames and passwords in early 2020, which contributed to the significant increase in credential stuffing observed later in the year. Akamai blocked a smaller volume of Web application attacks. However, such attacks can pose considerable danger. SQL injection (SQLi) attacks, which are executed against databases used to power websites, made up more than two-thirds of overall Web application attacks. Local File Inclusion (LFI) attacks follow SQLi attacks, accounting for nearly 22 percent of the total number of such attacks. This article continues to discuss key findings from Akamai's report on the state of the Internet. 

Dark Reading reports "Credential Stuffing Reaches 193 Billion Login Attempts Annually"