A worrying high number of all authentication attempts made on the internet are malicious, claims a new report from F5 Labs, which argues the importance of proactive mitigations of malicious traffic.
The 2023 Identity Threat Report: The Unpatchables, is based on the analysis of 320 billion data transactions that happened in 159 organizations between March 2022 and April 2023.
As per the report, whenever a company fails to implement mitigations, the average rate of automation is 19.4%. Automation, the company claims, is a “strong indicator” of credential stuffing, a malicious practice in which threat actors “stuff” the platform with countless combinations of previously stolen credentials, until one sticks.
Changing the behavior
On the other hand, having mitigations in place reduces this number to 6%.
“Our research shows the extent to which digital identities are under attack and the importance of effective mitigation,” commented Sander Vinberg, Threat Research Evangelist at F5 Labs.
“Significantly, we found a consistent pattern in which the use of malicious automation immediately declined to a lower level when protections are in place, with attackers tending to give up in search of easier targets.”
Mitigations don’t just reduce the average rate of automation, they also change how hackers behave. Without mitigations, attacks were more prevalent against mobile endpoints, the researchers said. With mitigations, as the number of mobile attacks fell, the attacks against web endpoints became more nuanced.
Furthermore, hackers don’t try as hard when there are no mitigations. The majority of the malicious traffic (64.5%) is “basic”, meaning the hackers didn’t try to emulate human behavior or try to counteract bot protection. With mitigations in place, the share of these attacks fell to 44%, while the percentage of more advanced attacks rose from 12% to 27%. The percentage of advanced attacks rose from 20% to 23%.
The research also showed that organizations have very poor visibility into their credentials. As many as 75% of those that were submitted during attacks were unknown to have been compromised in the past.