Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billion web application attacks in last two years.
'Criminals are not picky-anything that can be accessed can be used in some way,' said
During the COVID-19 pandemic-related lockdowns in Q1 2020, criminals took advantage of the worldwide situation and circulated password combination lists, targeting each of the commerce industries featured in the report. It was during this time that criminals started recirculating old credential lists in an effort to identify new vulnerable accounts, leading to a significant uptick in criminal inventory and sales related to loyalty programs.
Between
Credential stuffing isn't the only way that criminals target the retail, travel, and hospitality industries. They target organizations in these industries at the source using SQL Injection (
As the global economy prepares for a holiday shopping season, it does so in an environment that has changed radically due to the pandemic. Consumers will not be standing outside of brick and mortar stores waiting for the latest deals in the same way they have in the past. They're going to log-in, collect their reward points, and maybe use loyalty programs to gain some discounts or other perks just for being a member.
Considering everything that goes into a successful loyalty program, and the information people need to provide in order to take part, the criminals have everything they need to get started in a number of crime-related ventures, from account takeovers, to straight-up identity theft. So, while an individual's loyalty to a merchant, airline, or hotel chain might not literally be for sale, there's a good chance the account associated with such programs might be.
'All businesses need to adapt to external events, whether it's a pandemic, a competitor, or an active and intelligent attacker,' Ragan concluded. 'Some of the top loyalty programs targeted require nothing more than a mobile number and a numeric password, while others rely on easily obtained information as a means of authentication. There is an urgent need for better identity controls and countermeasures to prevent attacks against APIs and server resources.'
The Akamai 2020 State of the Internet / Security report, Loyalty for Sale - Retail and Hospitality Fraud is available here. In addition, Akamai will host a webinar on
For additional information, the security community can access, engage with, and learn from Akamai's threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai's Threat Research Hub.
About Akamai
Akamai secures and delivers digital experiences for the world's largest companies. Akamai's intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone - and attacks and threats far away. Akamai's portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world's top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations.
Media Contacts
Media Relations
+1-617-444-3019
twhitman@akamai.com
Investor Relations
+1-617-274-7130
tbarth@akamai.com
(C) 2020 Electronic News Publishing, source