New and Old Techniques in the Fight Against Credential Stuffing

Abstract

Credential theft is a known issue, and it is compounded by credential stuffing - that is, automatically compromising accounts by utilizing credentials that have been reused between services. Existing techniques for detection and prevention have been shown to have multiple weaknesses. They can be circumvented, and although they can disrupt attack chains, these disruptions are temporary rather than conclusive. In this paper we will describe credential stuffing, list common methodologies to combat it, and introduce a better means to detect, prevent, and respond to it. As threats become more sophisticated, teams must become aware of emerging approaches to thwart them. This new technique combines existing technologies with attribution, so as to better tie together all stages of the threat.

Download the Full Whitepaper

Hivemind Intelligent Deception

Hivemind is Forkbombus Labs’ patent pending A.I. Driven Deception Technology. Standard honeypots and deception technologies imitate a predetermined service or environment. This becomes problematic as attackers capabilities and interests often differ than what static deceptions offer. Despite attackers stumbling upon static honeypots, these technologies are often overlooked by attackers who favor different scenarios. When attackers fail to engage with deception technologies, defenders fail to gain valuable intelligence which enables intelligent responses to attacks.

As Hivemind learns an attacker’s capabilities and motivations, Hivemind sensors instantly alter their appearance to each attacker to emulate what they are most likely to interact with. Hivemind ensures attackers are more likely to engage Hivemind sensors, leveraging attackers to divulge unparalleled information about themselves and their intentions as possible. This enhanced collections capabilities enables defenders to rapidly detect attacker’s resources, motivations, and identities, allowing defenders to respond to threats quicker and more intelligently than ever before. Attackers that engage with Hivemind increase their costs while saving defenders time and money.