topic How to detect credential stuffing attacks with SAS Fraud Management software in Fraud, AML and Security Intelligence https://communities.sas.com/t5/Fraud-AML-and-Security/How-to-detect-credential-stuffing-attacks-with-SAS-Fraud/m-p/793183#M805 <P><SPAN>In a credential stuffing attack, stolen user name and password combinations are used to attempt multiple logins at a different organization, usually with a botnet. With as many as <A title="February 2019 Google/Harris Poll Online Security Survey" href="https://services.google.com/fh/files/blogs/google_security_infographic.pdf" target="_blank" rel="noopener">65% reusing the same password for multiple or all accounts</A>, it is important for organizations to have layered protection against these attacks. The&nbsp;fraudster only needs a small percentage of "hits" across a list of millions or billions of credentials to make the attack worthwhile.&nbsp;</SPAN></P> <P>&nbsp;</P> <P>There are several ways <A title="SAS Fraud Management" href="https://www.sas.com/en_us/software/fraud-management.html" target="_blank" rel="noopener">SAS Frau</A><SPAN><A title="SAS Fraud Management" href="https://www.sas.com/en_us/software/fraud-management.html" target="_blank" rel="noopener">d Management</A>&nbsp;software rules could be used to detect credential stuffing attacks. For example, customer profiles could be developed to detect anomalies in customer logon behavior, lists of compromised email addresses could be collected from public data dumps and put in a lookup list to heighten the&nbsp;risk of logons on any potentially compromised accounts, and the flexibility of the rule response can be&nbsp;used to layer in additional authentication steps.</SPAN></P> <P>&nbsp;</P> <P><A title="Credential Stuffing Attacks" href="https://support.sas.com/content/dam/SAS/support/en/technical-papers/credential-stuffing-attacks.pdf" target="_blank" rel="noopener">This technical paper</A> examines how SAS Fraud Manager software can&nbsp;track logon attempts from different user IDs occuring on a device in a short period of time. Instructions for software rule parameters and rule actions are provided.&nbsp;</P> <P>&nbsp;</P> <P><A title="Credential Stuffing Attacks" href="https://support.sas.com/content/dam/SAS/support/en/technical-papers/credential-stuffing-attacks.pdf" target="_blank" rel="noopener">Read the technical paper now</A>.&nbsp;</P> Fri, 28 Jan 2022 18:39:11 GMT LizGoldberg 2022-01-28T18:39:11Z How to detect credential stuffing attacks with SAS Fraud Management software https://communities.sas.com/t5/Fraud-AML-and-Security/How-to-detect-credential-stuffing-attacks-with-SAS-Fraud/m-p/793183#M805 <P><SPAN>In a credential stuffing attack, stolen user name and password combinations are used to attempt multiple logins at a different organization, usually with a botnet. With as many as <A title="February 2019 Google/Harris Poll Online Security Survey" href="https://services.google.com/fh/files/blogs/google_security_infographic.pdf" target="_blank" rel="noopener">65% reusing the same password for multiple or all accounts</A>, it is important for organizations to have layered protection against these attacks. The&nbsp;fraudster only needs a small percentage of "hits" across a list of millions or billions of credentials to make the attack worthwhile.&nbsp;</SPAN></P> <P>&nbsp;</P> <P>There are several ways <A title="SAS Fraud Management" href="https://www.sas.com/en_us/software/fraud-management.html" target="_blank" rel="noopener">SAS Frau</A><SPAN><A title="SAS Fraud Management" href="https://www.sas.com/en_us/software/fraud-management.html" target="_blank" rel="noopener">d Management</A>&nbsp;software rules could be used to detect credential stuffing attacks. For example, customer profiles could be developed to detect anomalies in customer logon behavior, lists of compromised email addresses could be collected from public data dumps and put in a lookup list to heighten the&nbsp;risk of logons on any potentially compromised accounts, and the flexibility of the rule response can be&nbsp;used to layer in additional authentication steps.</SPAN></P> <P>&nbsp;</P> <P><A title="Credential Stuffing Attacks" href="https://support.sas.com/content/dam/SAS/support/en/technical-papers/credential-stuffing-attacks.pdf" target="_blank" rel="noopener">This technical paper</A> examines how SAS Fraud Manager software can&nbsp;track logon attempts from different user IDs occuring on a device in a short period of time. Instructions for software rule parameters and rule actions are provided.&nbsp;</P> <P>&nbsp;</P> <P><A title="Credential Stuffing Attacks" href="https://support.sas.com/content/dam/SAS/support/en/technical-papers/credential-stuffing-attacks.pdf" target="_blank" rel="noopener">Read the technical paper now</A>.&nbsp;</P> Fri, 28 Jan 2022 18:39:11 GMT https://communities.sas.com/t5/Fraud-AML-and-Security/How-to-detect-credential-stuffing-attacks-with-SAS-Fraud/m-p/793183#M805 LizGoldberg 2022-01-28T18:39:11Z