state of the internet / security | retail attacks and …...ex t v 2 1 editor’s note security...
TRANSCRIPT
1Executive Summary: [state of the internet] / security: Volume 5, Issue 2
Editor’s NoteSecurity teams are increasingly becoming an integral part of business, and are more
vital than ever to success. They have evolved and are increasingly seen as legitimate
business partner and growth enabler.
One of the more important factors for a security team to be considered a business partner
is their ability to identify the risks that the business faces. Identifying risks is not an exact
science. Many security teams understand the nuances in the risks associated with various
technologies — however, it can be a difficult process to identify the potential risk and how
it will impact the business. This becomes even harder when businesses and security teams
are faced with unknowns that the organization has virtually no visibility into. All three
stories in this edition of the State of the Internet / Security report cover topics we feel
organizations are not as cognizant of as they should be.
Rise of API TrafficOur October 2018 survey of API traffic
revealed that 83% of the hits we see are
API driven.
For security practitioners, growth in API
volume is important when considering risk,
because some tools can’t handle it. If current
tools aren’t able to handle this traffic, it
means an organization could be missing a
major source of malicious traffic. With the
proliferation of IoT devices, API traffic will be
something that all organizations will have
to deal with to keep their businesses and
customers protected.
API Traffic by User Agent
UA
Chrome
Mobile Safari
Firefox
Internet Explorer
Edge
Safari
IE Mobile
Other
CFNetwork
Apache HttpClient
13%
8%
2%
2%
1%
1%
0%
66%
3%
2%
TYPE
Browser
Non Browser
Figure 1: The majority of API traffic is for custom applications and not easily categorized
2Executive Summary: [state of the internet] / security: Volume 5, Issue 2
Tools of Mass Retail DestructionWe took a further look at credential stuffing as it relates to the retail industry in this
report. Akamai detected nearly 28 billion credential stuffing attempts between
May and December 2018. This works out to more than 115 million attempts to
compromise or log in to user accounts every single day.
The hardest-hit industry? Retail took the top spot, with 10 billion credential stuffing
attempts directed toward it. The apparel vertical experienced 3.7 billion attempts,
making it the largest targeted vertical within the retail industry during the same time
frame. Akamai also tracked credential stuffing attempts against direct commerce
(1.427 billion); department stores (1.426 billion); office supply stores (1.3 billion); and
fashion, such as jewelry and watches (129,725,233).
300M
250M
200M
150M
100M
50M
0MMay 1
June 2, 2018252,176,323
July 25, 2018252,000,593
Credential Abuse per Day
May – December 2018
October 25, 2018286,611,884
October 27, 2018287,168,120
Cred
entia
l Abu
se A
ttem
pts
Jun 1 Jul 1 Aug 1 Sep 1 Oct 1 Nov 1 Dec 1 Jan 1
Figure 2: Four of the top days for credential stuffing are highlighted between May 1 and December 31, 2018
3Executive Summary: [state of the internet] / security: Volume 5, Issue 2
As the world’s largest and most trusted cloud delivery platform, Akamai makes it easier for its customers to provide the best and
most secure digital experiences on any device, anytime, anywhere. Akamai’s massively distributed platform is unparalleled in scale,
giving customers superior performance and threat protection. Akamai’s portfolio of web and mobile performance, cloud security,
enterprise access, and video delivery solutions are supported by exceptional customer service and 24/7/365 monitoring. To learn
why the top financial institutions, online retail leaders, media and entertainment providers, and government organizations trust
Akamai, please visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. Published 02/19.
Bad actors are using tools known as AIOs, or All-In-One bots, to access accounts and
automate purchasing. Some AIO usage fuels the resale market, while other AIOs are
used to control existing accounts or collect valuable personal and financial information.
Is IPv6 Being Underreported?Researchers also looked at DNS traffic to reveal an interesting fact: IPv6 traffic might
be underreported since many systems capable of IPv6 usage still prefer IPv4. Since
IPv6 is still seen as a minority of traffic, it’s not a major selling point for a number of
security tools.
Looking ForwardThe security world encompasses virtually everything now, and security has taken
center stage when it comes to business planning and growth. Gone are the days where
businesses can treat security as an afterthought.
Each of the stories in this issue of the State of the Internet / Security report looks at
aspects of security that might be overlooked, but they are nevertheless important for
day-to-day operations. These stories create a backdrop for what we expect to see in the
upcoming quarters and years.
If you are interested in learning more about the methodologies that were used to curate
the data in the report, we have included an entire section that delves a little deeper.
For a more in-depth look at these stories, please download the full State of the Internet / Security: Retail Attacks and API Traffic report.