Digital identities are under siege with 19.4% of authentication requests from automated threats, warns F5 Labs’ 2023 Identity Threat Report.
According to research by F5 Labs, digital identities have become a cybersecurity battleground in 2024, with a large percentage of authentication requests coming from automated hostile systems.
The Unpatchables’ 2023 Identity Threat Report offers valuable insights into digital identity security by evaluating 320 billion data transactions that took place in 159 businesses’ systems between March 2022 and April 2023.
One of the study’s main conclusions is that, in the absence of mitigations, automated systems were responsible for 19.4% of authentication requests, which is a reliable sign of credential stuffing attacks. In a credential stuffing attack, bad actors take usernames and passwords obtained from one system and, using automated tools to scale their attempts, try them against other systems.
This emphasises how crucial cybersecurity safeguards are for protecting digital identities. Effective mitigation techniques are essential as attackers focus more and more on digital identities.
When implemented proactively, mitigations significantly decreased the rate of malicious automation, bringing it down to 6%. This information demonstrates how successful security measures are at deterring attackers and directing them towards easier targets.
“Our research shows the extent to which digital identities are under attack, and the importance of effective mitigation,” stated Sander Vinberg, F5 Labs’ evangelist for threat research. Importantly, we discovered a regular pattern showing that when defences are put in place, the usage of malicious automation instantly drops to a lower level, with attackers typically giving up and moving on to easier targets.
Adapting strategies
The investigation also looked at how mitigations affected different facets of credential stuffing attacks, providing insight into the attackers’ shifting strategies:
- Attacks were more common on mobile endpoints than on web endpoints; nevertheless, the implementation of mitigations led to a greater decrease in mobile attacks, which in turn shifted attention to web endpoints.
- There were also notable changes in the sophistication of attacks. Basic attacks, defined as those that involve little more than emulating human activity or evading bot protection, went from 64.5% to 44% after mitigations were put in place. Conversely, the percentage of intermediate attacks, which attempted to influence anti-bot solutions, rose from 12% to 27% after mitigation. Advanced attacks, which accurately mimic human browsing behaviour, including mouse movements and keystrokes, increased from 20% to 23% of all attacks.
In addition, the study looked at the chain of compromised credentials and found that defenders had less visibility than they thought. Seventy-five percent of the credentials that were entered during attacks were not known to be compromised beforehand.
The study also demonstrated how adaptable attackers can be, as evidenced by the strategies they used to modify authentication success rates using “canary” accounts and to avoid detection by employing tools like AntiRed, a JavaScript programme made to get beyond browser-based phishing analysis.
According to Vinberg, “attackers who persist in targeting a system with mitigations in place are evidently more determined and skilled, utilising tools that enable them to closely mimic human behaviour or work harder to conceal their activities.”
Attackers are predicted to use automated AI-driven phishing calls more frequently as a result of AI’s growing sophistication and falling costs, posing new difficulties for defences.
Taking Charge
Organisations should proactively adopt anti-bot solutions to prevent harmful automation in order to counter identity-based attacks and protect digital identities, particularly when dealing with simple credential stuffing attacks. Furthermore, defensive measures can be strengthened by cryptography-based multi-factor authentication (MFA) systems, including those built on the WebAuthn or FIDO2 protocols.
In the end, the F5 Labs paper highlights how identity-based attacks are dynamic and constantly changing, underscoring the necessity of constant monitoring, detection, and adaptation to lessen the inherent vulnerabilities in systems where users must authenticate their identities.