2021 Credential Stuffing Report on F5 Labs
Over the last few years, security researchers at F5 and elsewhere have identified credential stuffing as one of the foremost threats. In 2018 and 2019, the combined threats of phishing and credential stuffing made up roughly half of all publicly disclosed breaches in the United States. Now it is February 2021 and the tech industry is reeling from the twin shocks of the theft of FireEye’s red team tools and the SolarWinds Orion supply chain attack. We at Shape & F5 Labs anticipate there will be many more announcements and unwelcome discoveries surrounding credential spills and, it is important to point out, these campaigns also presented an opportunity for attackers to achieve persistence in the environments of thousands of organizations. For this year, we have renamed the Credential Spill Report (previously published by Shape Security, now part of F5) to 2021 Credential Stuffing Report. We did this in order to look at the entire lifecycle of credential abuse, dedicating much time and effort to not just quantifying the trends around credential theft but also to understanding the steps that cybercriminals take to adapt to and surmount enterprise defenses. Some Key Findings in the report include; The number of annual credential spill incidents nearly doubled between 2016 and 2020. Despite consensus about best practices, industry behaviors around password storage remain poor. Median time for discovering a credential spill between 2018 and 2020 was 120 days; the average time to discovery was 327 days. there are many more... Head over to the F5 Labs, 2021 Credential Stuffing Report to see more key findings, dive into the details around terminology and real-world data, look at lifecycle analysis around theft, fraud, sale, and abuse, and lastly - look at some steps you can take to minimize your exposure to the threats around credential stuffing.Join Microsoft & F5 NGINX Roundtable Discussion: Securing Kubernetes in Azure with AKS & F5 NGINX
This event is open to all F5 users regardless of geographic location. Date:Thursday, September 14, 2023 Time:11:00am PT | 2:00pm ET F5 Speakers:Damian Curry,NGINX Community and Alliances Technical Director, F5 andJeff Bellamy Sr Dir, NGINX Community & Alliances, F5 Guest Speaker:David Peterson,Azure Application Innovation Specialist, Microsoft What's the roundtable discussion about? As the industry continues to “shift left” when it comes to security, having security running at more levels of your infrastructure is increasingly important. In this discussion, the Microsoft and F5 NGINX teams will talk about how you can improve your security posture by leveraging NGINX Plus Ingress Controller and App Protect in your AKS environment. In this Roundtable, Damian and David will discuss the following: How to better secure your Azure AKS clusters with NGINX Plus Ingress Controller and NGINX App Protect WAF & DoS Leverage NGINX Plus Ingress Controller Open ID Connect (OIDC) / JSON Web Tokens (JWT) for authentication in AKS Improve resiliency and scalability in AKS and support self-service (RBAC) with NGINX Plus Ingress Controller Security is essential in your infrastructure and your home – and we’d like to help with both. All attendees will be entered into a drawing for a Moorebot scout, a tiny AI-powered mobile robot for home monitoring. Click here to register
