FB pixel

Digital ID attack mitigation sometimes just makes room for better criminals

Categories Access Control  |  Biometrics News
Digital ID attack mitigation sometimes just makes room for better criminals
 

A cybersecurity company says that successful mitigation of credential-stuffing attacks is not having precisely the effect identity providers might have expected.

A new F5 report illustrates how a baseline graph of malicious automation traffic – credential stuffing — gets squeezed to a fraction of its size after mitigation steps are completed. Yet the choked traffic is comprised of more dangerous, more sophisticated attack traffic.

A small but noticeable drop in traffic for authentication and account management end points occurs upon mitigation. But that is because criminals looking for the easiest marks find new targets and those able to wield intermediary and advanced tools mostly fill the void.

(F5 analyzes threats and markets tools and services to mitigate them.)

Among the advanced tools for performing credential stuffing attacks is software that mimics human-generated traffic.

F5 considers intermediate sophistication the ability to emulate some generic actions. Typically, they cannot simulate “full human browsing.”

Advanced capabilities use custom software as well as Selenium, Puppeteer, Browser Automation Studio. At this level, software is mimicking keystrokes, mouse movements and other actions.

The company makes several recommends in the report, including that identity providers not wait for the best anti-bot software. Simple applications can cut down basic stuffing attacks.

They need to deploy multi-factor authentication using public key cryptography like FIDO2 or FIDO2-based passkeys.

Reverse proxy phishing can bypass some MFA approaches, but F5 says those based on public key infrastructure, including most biometrics implementations, are resistant to these sophisticated attacks.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Liquid identity verifications surge past 60M as Japan leans into chip-scanning

Liquid has reached the 60 million digital identity verification milestone with its online KYC service, with a surge in verifications…

 

Car dealerships rev up digital ID verification to counter rise in identity fraud

Whether it’s a fake credit history, a phony license or a test driver with a stolen identity who makes tracks…

 

GovTech to deliver $10 trillion in value by 2034, says WEF

At the meeting of the World Economic Forum (WEF) in Davos this week, tech is front and center – and…

 

Davos discusses digital wallets, AI economy

This year’s Davos World Economic Forum (WEF) is bringing not only tense trade talks between the U.S. and Europe but…

 

ASEAN updates guidance on deepfakes

The threat of deepfakes is entering high-level discussions from Southeast Asia to Davos. The Association of Southeast Asian Nations (ASEAN)…

 

Philippines faces 36 million backlog in ID cards

The Philippines are still facing a 36 million backlog in distributing the country’s national ID cards which will need additional…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events