passwords Archives - Security IT Summit | Forum Events Ltd
Posts Tagged :


‘Massive’ rise in DDoS and password attacks during pandemic

615 410 Stuart O'Brien

New analysis from F5 Labs has discovered a massive rise in DDoS and password login attacks during the pandemic.

In January, the number of all reported SIRT incidents was half the average reported in previous years. However, as lockdowns were put in place from March onwards, there was a sharp rise in incidents.

The attacks can be categorised into two buckets from January to August this year: Distributed Denial of Service (DDoS) attacks (45%) and password login attacks (43%) which comprised of brute force and credential stuffing attempts.

Other findings include:

  • DDoS attacks surge 3x in March: DDoS made up only a tenth of reported incidents in January, but grew to three times that of all incidents in March.
  • No ‘spring slump’ for DDoS: Typically, DDoS attacks see a ‘spring slump’, but these rose in April 2020. In fact, DDoS attacks targeting web apps increased six-fold from 4% in 2019 to 26% in 2020.
  • Attacks are diversifying: The number of DDoS attacks reported to the SIRT and identified as DNS amplification attacks nearly doubled (31%) this year along with DNS Query Flood which is also on the rise.
  • DDoS most popular in APAC with 83% of attacks: Meanwhile, EMEA saw the next highest with 54%.
  • 67% of all SIRT-reported attacks on retailers in 2020 were passwords attacks: A rise of 27% on last year. This was to be expected as the pandemic has caused a huge shift from in-store sales to online

Full details can be found here:

Biometrics and behaviour-based authentication on the rise

960 640 Stuart O'Brien

A new survey suggests our relationship with passwords to identify ourselves online is shifting.

For some of us, it’s shocking to consider single-factor authentication is even in use today, given that poor password habits and stronger computing power has led to an increase in hacking-related breaches involving either stolen or weak passwords.

But a Callsign survey has revealed that a knowledge-based approach, such as passwords, for accessing online accounts is now favoured by less than half of UK and US respondents (45% on both sides of the Atlantic).

Over the last few years, increased availability of biometric tools on laptops, tablets and smartphones has given consumers a taste for biometric identification, and in the survey 30% noted a preference for sharing and storing biometric information (32% in the UK and 27% in the US) for identification when accessing an online account or making a purchase.

Bit it’s clear there’s still a long way to go in shifting consumer attitudes away from solely relying on passwords. Callsign says biometric information as well as behavioural biometric data – such as the way a user swipes their screen or their unique keystroke pattern when entering their password – need to become the norm, so companies can more intelligently identify anomalies and apply additional layers of security.

With employees frequently cited as the weakest link in corporate cybersecurity enforcement, it is no surprise that traditional passwords are preferred at work, where people’s reluctance to embrace more innovative methods of identification over a presumed ease of access is commonplace.

Knowledge-based identification was the most favoured by 56% of workers (58% in the UK and 51% in the US), while biometric methods were preferred by a mere 15% of workers.

Other insights from this survey include:

  • Despite the high preference for knowledge-based identifiers at work (58% in the UK and 51% in the US), they are less favourable for personal use, where 46% noted they were preferred when logging in to check an account balance and 44% chose it for making a purchase or a balance transfer
  • The UK tends to be more receptive to biometrics compared to the US, with 32% to 27%, respectively, noting they’d prefer it overall
  • In the US, age is a significant factor as Baby Boomers (55+) are more receptive to passwords (46%) and biometric identifiers (31%) than younger respondents (aged 18-24), with 39% preferring passwords and 26% preferring biometric identifiers. Younger respondents (those 18 to 24) were more receptive to behavioural identifiers (12%) compared to those aged 55+ (4%)

“The study suggests we’re at a tipping point where our reliance on simple passwords is on a steady downward turn,” said Callsign CEO Zia Hayat. “Although two-factor and multi-factor authentication, along with biometrics, are an improvement, they are still flawed. Ultimately, we understand the privacy of users is paramount. Companies need to offer choice and control when it comes to the data that is collected and the identification methods used – another reason multi-factor identification is so limited.”

“However, there is a new realm of behavioural identification that is truly revolutionising and streamlining identification and improving customer experiences, all whilst minimising fraud. Here at Callsign, we’re creating a much more positive experience with greater protection and better privacy for the consumer or worker.”

Callsign commissioned YouGov Plc to conduct the survey. Total sample size was 2,131 adults in the UK and 1,160 adults in the US. Fieldwork was undertaken in August 2018.