Paradigm Shift In Credential Stuffing Attacks: Radware Report

Radware has released a new research report—The Invisible Breach: Business Logic Manipulation and API Exploitation in Credential Stuffing Attacks. The report reveals a paradigm shift in credential stuffing attacks. It underscores a fundamental transformation from volume-based attacks leveraging a series of repeated password attempts to sophisticated, multi-stage infiltration techniques.
'To bypass traditional defenses, modern credential stuffing attacks are shifting away from traditional password-spraying techniques in favor of business logic manipulation, cross-platform device spoofing, and strategic API exploitation,' said Arik Atar, senior cyber threat intelligence researcher at Radware. 'The message for defending organizations is clear. To match this new reality, they must move beyond credential-centric controls to adopt security strategies that validate entire user journeys, correlate cross-request behavior, and detect suspicious patterns in business logic flows.'
Radware's research examined 100 advanced credential stuffing configurations deployed through a well-known account takeover tool called SilverBullet.

Advanced attack methodologies
Business logic attacks: 94% of configurations implement four or more business logic attack elements, with 54% demonstrating advanced orchestration, using 13+ distinct techniques.
API exploitation: 83% of configurations contain explicit API-targeting techniques.
Multi-device spoofing: 24% of attack scripts alternate between two device types during execution, with 71% employing cross-platform transitions, primarily between iOS and Windows.

Primary targets
Industries: Technology/SaaS emerged as the primary target sector (27%), followed by financial services/government (16%), and the travel/airline (13%) sectors.
Online tools: There is a significant shift toward high-value AI tools (44% of all technology targets), potentially exploited by spammers who engage in account cracking to create large-scale phishing content. In addition, corporate tools (30%), including Microsoft 365, OneDrive, and Outlook, are likely targets for ransomware groups pursuing initial access to organizational systems.

Centralized threat landscape
Concentration: 51% of the analyzed configurations, randomly collected over six months, were written by just three advanced threat actors: SVBCONFIGSMAKER, t.me/mrcombo1services, and @Magic_Ckg.
Specialization: Each threat actor had over two years of operational experience in distinct areas of specialization, including AI platform authentication bypass, mobile API exploitation, and Microsoft cloud services.