Credential Stuffing 2024: Why AI-Powered Attacks Are the Cybercriminal’s New Best Friend
Stolen credentials were the cybercriminal’s weapon of choice in 2024, contributing to 80% of web app attacks. With billions of leaked credentials available for as little as $10, cyber attackers are like kids in a candy store, except the candy is your personal data. Who knew identity theft could be so affordable?
Hot Take:
Just when you thought you’d finally figured out how to thwart those pesky cybercriminals, in comes the new kid on the block: Computer-Using Agents. These AI-powered ne’er-do-wells promise to make hackers’ lives easier and our lives a whole lot more complicated. If only they could use their powers for good, like helping us find our misplaced keys or finally understanding the ending of “Inception”.
Key Points:
- Credential stuffing was the leading cause of web app attacks in 2024, with 80% of breaches involving stolen credentials.
- Billions of leaked credentials are circulating online, available for as little as $10.
- Computer-Using Agents (CUAs) could automate credential attacks, making them easier and cheaper to execute.
- Certain protections, like CAPTCHA and rate limiting, challenge large-scale attacks, but CUAs might overcome these barriers.
- The future of CUAs could turn credential stuffing attacks into a widespread, automated menace.
Already a member? Log in here