In this episode, Allan's friend Dr. Sam Small, CISO of Zero Fox, joins us to chat about credential stuffing, its implications and the defenses against it.
Several statistics are given from a few industry reports on credential stuffing, including the Verizon DBIR and F5's report.
Several techniques to foil credential stuffing are explored, as well as common traps when combatting credential stuffing. OWASP provides some guidance in this area.
The criminal's abilities vis a vis breach sharing and botnet as a service are discussed as well.
Finally, Sam explains what keeps him going in cybersecurity...
1:08 Sam's background and education in cyber
2:41 Sam defines credential stuffing and explains why we should care about it
4:17 The origins of the term 'credential stuffing' vs. its history
4:39 Is ransomware the end goal of every single kind of cyber attack?
5:22 Botnets as a service to drive credential stuffing attacks
6:33 Allan cites statistics from the Verizon Data Breach Incident Report
7:23 The DDoS aspects and related cloud costs of credential stuffing
8:48 Sam's theory about F5 report statistics on credential stuffing being interestingly somewhat contradictory
10:43 Anecdotally anyway, password reuse appears to be a huge problem still
11:51 Comabating credential stuffing and common traps in doing so
13:23 Credential stuffing and data breaches are not the same thing
14:17 Getting credential stuffers shut down by way of their service providers
15:25 Practical tips from OWASP for preventing credential stuffing in your environment
19:10 The difference between a comprehensive defense and not
20:32 Are obscure usernames useful in the fight?
22:06 Proposal for user-centric federation to monitor account usage everywhere
23:06 Obligations of those who suffered a breach of credentials
25:14 Criminals share data on their side
26:09 What keeps Sam going in cybersecurity
Learn more about Sam on LinkedIn
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Sponsored by our good friends at Uptycs