Proxy Phantom: Frequent Credential-Stuffing Attacks Targeting Online Retailers

Proxy Phantom: Frequent Credential-Stuffing Attacks Targeting Online Retailers

Researchers reported a fraud organization that targets e-commerce companies in account takeover attacks.

According to fraud protection firm Sift, the hacker ring, nicknamed Proxy Phantom, is employing more than 1.5 million sets of stolen account information in automated credential-stuffing attacks against online retailers.

Credential-stuffing attacks flood a site with login requests using a database of stolen credentials — perhaps acquired from data leaks or data dumps disclosed and sold online.

Most people use the same login and password across several sites. It is not appropriate because a data breach at one firm might lead to account vulnerability at another.

According to estimates, just 0.1 percent of credential stuffing attacks succeed. Despite the low success rate, these attacks might be profitable when employed against businesses or financial services.

Proxy Phantom “flooded companies with bot-based login attempts at a rate of up to 2,691 login attempts per second,” as per Sift’s Q3 2021 Digital Trust & Safety Index.

Connecting, rotating IP addresses were also employed to make the queries appear to come from different geographical areas. And, the primary targets were online services and e-commerce platforms.

Between April and June 2021, the number of IP clusters more than doubled.

The study further claims that the business’s number of account takeover attacks jumped by 307% from Q3 to Q4. The financial industry, including digital wallet services and bitcoin exchanges, is a major target.

Netacea published an index detailing the actions of scalper bots earlier this month. These automated systems are designed to defeat online queues for high-ticket products like concert tickets and gaming consoles so that their owners may resell and profit.

In recent months, scalpers have been clamoring for the PlayStation 5, cryptocurrency mining GPUs, and Nvidia RTX 3000 series processors.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.