Artificial Intelligence & Machine Learning , Next-Generation Technologies & Secure Development

How to Battle Credential Stuffing Attacks

Attackers Use Stolen Credentials for Fraud, Warns Shape Security's Dan Woods
Dan Woods, vice president, Shape Intelligence Center

To combat credential stuffing and other types of rising attacks, organizations need data - and lots of it - to feed machine learning and artificial intelligence algorithms to better detect these types of high volume attacks, says Dan Woods, vice president of the Shape Intelligence Center.

See Also: Why the Future of Security is Identity

"The key is data - you have to have lots of data, because over the years these attackers have evolved and become much more sophisticated," Woods says. "You have millions of credentials available on the dark web, and these bad attackers will take these credentials and try them programatically against the log-in form on another site, a site that hasn't been compromised, and because of the way people reuse their passwords, these bad actors are successful anywhere from 0.1 percent to 3 percent of the time.

In a video interview at RSA Conference 2018, Woods discusses:

  • Credential stuffing attacks;
  • Fake account creation;
  • The risk posed by reverse-engineering organizations' workflows for competitive intelligence purposes.

Before joining Shape Security, where he serves as vice president of the Shape Intelligence Center, Woods served as assistant chief agent of special investigations at the Arizona attorney general's office, where he investigated complex fraud. Prior to that, he spent 20 years with local, state and federal law enforcement agencies and intelligence organizations, including the FBI, where he specialized in information operations and cybercrime.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.