The cybersecurity battlefield of digital identities

Digital identities are under attack, therefore effective mitigation is crucial.
F5 Labs explored the influence of security measures on mitigating credential stuffing attacks, with some proving more determined and sophisticated

The technology landscape is ever-changing, and businesses must adopt new technologies to stay ahead. According to recent research from F5 Labs, digital identities have evolved into a battleground for cybersecurity, where one-fifth of authentication requests originate from malicious automated systems.

The 2023 Identity Threat Report: The Unpatchables examined 320 billion data transactions within the systems of 159 organisations from March 2022 to April 2023. In cases where no protective measures were implemented, the average automation rate, a key indicator of credential stuffing attacks, stood at 19.4%. However, this figure dropped significantly to 6% when proactive measures were put in place.

Credential stuffing attacks involve malicious actors using stolen usernames and passwords from one system to infiltrate others, with automated tools playing a central role in enabling attackers to maximise their attack attempts.

Sander Vinberg, Threat Research Evangelist at F5 Labs, says: “Digital identities have long been a priority for attackers, and the threat is growing as the prevalence of non-human identities increases.

“Our research shows the extent to which digital identities are under attack and the importance of effective mitigation. Significantly, we found a consistent pattern in which the use of malicious automation immediately declined to a lower level when protections are in place, with attackers tending to give up in search of easier targets.”

The growing problem of credential stuffing

Credential stuffing is a rising threat for two main reasons. Firstly, it's due to the widespread accessibility of extensive databases containing breached credentials, such as "Collection #1-5," which openly disclosed 22 billion username and password combinations in plaintext to the hacker community. 

Secondly, nowadays there are more sophisticated bots that are capable of conducting simultaneous login attempts, seemingly originating from various IP addresses. These sophisticated bots can often bypass rudimentary security safeguards, like blocking IP addresses with excessive failed login attempts.

The benefits of effective mitigation on credential stuffing attacks

One of the main points of the study delved into the influence of security measures on mitigating credential stuffing attacks. These measures had the effect of altering attacker behaviour, leading to a decrease in the use of malicious automation. F5 Labs discovered that in the absence of security mitigations, attacks were more frequent on mobile endpoints than on web endpoints. 

However, although it seemed that the introduction of mitigations led to a substantial reduction in mobile attacks, there was a subsequent increase in attacks being directed at web endpoints. As well as this, the application of mitigations seemed to play a role in the sophistication of attacks. 

“Our analysis shows that many attackers simply move on when protections are implemented,” said Vinberg. “Attackers that continue to target a system with mitigations in place are clearly more determined and sophisticated, harnessing tools that allow them to closely replicate human behaviour or work harder to conceal their activities.

“For example, we observed one attack that emulated 513,000 unique user interactions across 516,000 requests – recycling identifiable features in less than 1% of instances. With the most sophisticated attacks, manual observation is sometimes required to identify malicious behaviour and create a new signature.”

A wave of new threats are emerging

Alongside the ever-evolving landscape of cybersecurity, F5 Labs also noted the emergence of a fresh wave of threats. For example, in August 2022, an advertisement surfaced on the Dark Web showcasing a voice phishing system that would employ artificial intelligence to automate phishing calls, therefore with the increasing sophistication and declining costs of AI, means that such approaches are set to become more routine and effective over time.

“Looking ahead, Identity providers should employ an anti-bot solution to mitigate malicious automation such as credential stuffing. Even simple anti-bot solutions can mitigate the bulk of unsophisticated credential stuffing,” Vinberg added.

“Organisations can further strengthen their defences through the use of cryptography-based MFA solutions, such as those based on the WebAUthn or FIDO2 protocols. Ultimately, there is no silver bullet for combating identity-based attacks. Defenders must monitor and detect attacks, quantify the error rate of their detection, and adapt accordingly. 

“The more we study these attacks and their constantly shifting nature, the better we can manage the risk of vulnerabilities that are inherent in any system which users must prove their identity to access.”


For more insights into the world of Cyber - check out the latest edition of Cyber Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - Technology Magazine | AI Magazine.

Please also check out our upcoming event - Cloud and 5G LIVE on October 11 and 12 2023.


BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.

BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.


Featured Articles

CrowdStrike & HPE: Unifying IT and Security for Secure AI

CrowdStrike and HPE are joining to integrate their Falcon platform and GreenLake cloud and OpsRamp AIOps to give an overview of AI infrastructure

Zscaler and NVIDIA Join to Upskill Zero Trust with Gen AI

NVIDIA is joining with Zscaler to help integrate its AI solutions into their Zero Trust Exchange platform and Zscaler ZDX Copilot

Gigamon Sound Alarm on Cloud Security as Unseen Attacks Soar

Gigamon's latest Hybrid Cloud Security Survey shows unseen cyber attacks have increased 20% year on year

Helping APAC Curb the Threat of Cyber Attacks

Hacking & Malware

SolarWinds: IT Staff Dubious on Organisation's AI Readiness

Technology & AI

Is Stress a Driving Force Behind the Cyber Skills Shortage?

Operational Security