Automated attacks are proliferating against organizations around the globe. As the cost and investment of launching these attacks continues to plummet, companies are increasingly experiencing credential stuffing attacks that can lead to account takeover and fraud.
The ingredients required for these attacks—previously compromised consumer credentials found on the dark web, tools to orchestrate an attack, and botnets to execute the attack—are becoming less expensive to buy, or even rent. As a result, successful credential stuffing attacks can net an attacker a nice pay day. The decision to launch such an attack is a simple cost-benefit analysis that can all too easily tip in the attacker’s favor.
Just as you routinely evaluate the cost of a big purchase against its value, attackers must decide the best place to spend their time and resources. If the opportunity is cheap and the value is astronomical, the ROI is high and the decision is easy.