According to the Akamai 2019 State of the Internet / Security: Retail Attacks and API Traffic report, hackers directed credential abuse attempts at retail sites more than 10 billion times from May to December last year, making retail the most targeted segment studied. The report also spotlights two other pressing security concerns, the preponderance of API-call traffic on the web and the apparent misrepresentation of IPv6-based traffic.
The Company studied the credential abuse technique known as credential stuffing, where hackers systematically use botnets to try stolen login information across the web. They target login pages for banks and retailers on the premise that many customers use the same login credentials for multiple services and accounts. Interest in retail is driven by the value of merchandise, which hackers acquire through compromised accounts and then frequently resell.
According to the report, the insidious AIO bots that hackers deploy are multi-function tools that enable quick purchases by leveraging credential stuffing and a number of evasion techniques. A single AIO bot can target more than 120 retailers at once.
Media & entertainment properties are notable credential abuse victims as well, according to the report. Their value is in the personal information those sites maintain. End users share credit card information and demographic data when they sign up for over-the-top (OTT) online streaming services, for example. This type of data has high value on the black market. Akamai also noted significant numbers of credential abuse attacks against financial services, hotel and travel, and consumer goods sites.
“The techniques change, but the motivation remains the same: greed,” said Martin McKeay, Security Researcher and Editorial Director of the State of the Internet / Security report. “Retailers remain on the front lines, because stolen merchandise sells quickly and at a premium. And for that reason, the data shows which merchandise is of the highest value: Apparel sites are targeted the most.”
Within the retail industry outside of the apparel vertical, Akamai tracked credential stuffing attempts against direct commerce, department stores, office supply stores, and fashion, such as jewelry and watches.
API Traffic Prevalence and Potential IPv6 Underreporting Point to Security Concerns
API calls represent 83 percent of web traffic, according to an October 2018 Akamai traffic review detailed in the report. The majority of API traffic is for custom applications, which is the result of digital transformations and cloud-based application deployment. For security teams, growth in API volume is important when considering risk, because some security tools are not equipped to manage API traffic.
“The state of web applications is fluid, and many API calls are application or company-specific and require a different security approach than HTML traffic, which is seemingly static,” McKeay explained.
Meanwhile, DNS traffic analysis outlined in the report notes that IPv6 traffic might be underreported, since many systems capable of IPv6 usage still prefer IPv4. This could indicate device misconfiguration or improper monitoring and network blind spots, a security concern. Since IPv6 is still believed to be a minority of web traffic, it is not a major selling point for a number of security tools.
A complimentary copy of the 2019 State of the Internet / Security: Retail Attacks and API Traffic report is available for download here. For additional information about credential abuse—specifically credential stuffing—and advice for organizations facing these types of attacks, visit here. For information about other Akamai solutions, including for DNS security, visit here.
The Akamai 2019 State of the Internet / Security: Retail Attacks and API Traffic report combines attack data from across Akamai’s global infrastructure and represents the research of a diverse set of teams throughout the company. The report provides analysis of the current cloud security and threat landscape, as well as insight into attack trends using data gathered from the Akamai Intelligent Platform. The contributors to the State of the Internet / Security Report include security professionals from across Akamai, including the Security Intelligence Response Team (SIRT), the Threat Research Unit, Information Security, and the Custom Analytics group.
Akamai powers and protects life online. The most innovative companies worldwide choose Akamai to secure and deliver their digital experiences — helping billions of people live, work, and play every day. With the world's largest and most trusted edge platform, Akamai keeps apps, code, and experiences closer to users — and threats farther away. Learn more about Akamai's security, content delivery, and edge compute products and services at www.akamai.com, blogs.akamai.com, or follow Akamai Technologies on Twitter and LinkedIn.