A worryingly high number of all authentication attempts on the Internet are malicious, according to a new report from F5 Labs, which argues for the importance of proactively mitigating malicious traffic.
The Identity Threat Report 2023: The Unpatchables is based on the analysis of 320 billion data transactions that took place in 159 organizations between March 2022 and April 2023.
According to the report, the average automation rate is 19.4% when a company has no mitigation measures in place. Automation, the company claims, is a “strong indicator” of “credential stuffing,” a malicious practice in which threat actors “stuff” the platform with numerous combinations of previously stolen credentials until one works.
Changing the behavior
On the other hand, putting mitigation measures in place reduces this number to 6%.
“Our research demonstrates the extent to which digital identities are under attack and the importance of effective mitigation,” said Sander Vinberg, Threat Research Evangelist at F5 Labs.
“Significantly, we found a consistent pattern in which the use of malicious automation immediately dropped to lower levels when security was in place, with attackers tending to give up in search of easier targets.”
Measures not only reduce the average level of automation; they also change the way hackers behave. Without measures, attacks became more common on mobile endpoints, the researchers said. As the number of mobile attacks decreased, the measures against web endpoints became more nuanced.
Moreover, hackers do not try very hard if there are no measures in place. The majority of malicious traffic (64.5%) is ‘basic’, meaning the hackers did not attempt to mimic human behavior or thwart bot protection. With measures in place, the share of these attacks fell to 44%, while the percentage of more advanced attacks increased from 12% to 27%. The percentage of advanced attacks increased from 20% to 23%.
The research also showed that organizations have very poor visibility into their credentials. As many as 75% of credentials submitted during attacks were not known to have been compromised in the past.