
Defense against Password List Attacks (account list attack) | jamhelper

Password List Attacks (list type account hacking)

An attacker tries to log in to many websites using IDs and passwords that were illegitimately obtained from other websites.

Many users reuse the same ID and password across multiple Internet services.
Taking advantage of this, attackers log in to websites around the world with the illegally obtained IDs and passwords, cash out points and steal personal information.

Overview of list-type account hacking (list-type attack)

Source: JPCERT/CC, "STOP!! Password reuse!! Password list attack" (call for prevention of unauthorized login)
https://www.jpcert.or.jp/pr/2014/pr140004.html

Because the IDs and passwords are genuine, the logins do not fail repeatedly.
Detection and prevention are very difficult: each account sees only one or two attempts, which is indistinguishable from normal access.


Damage from list-type account hacking (list-type attack)

Website operators are now expected to take countermeasures against password reuse.

If countermeasures are neglected and an information leak occurs, the consequences are not limited to the direct damage:
recovery work, loss of brand image and customer cancellations all reduce income.

90% of users reuse their passwords.
Warning users alone is not enough. Protecting the service itself against unauthorized access is essential.


Current state of list-type account hacking (list-type attack)

The cost-effectiveness of the countermeasure is very important.

Defending against advanced attacks requires introducing a WAF.
However, published cases show that simply cutting off access from the same user when it arrives in a short burst is already effective.


Measures against list-type account hacking

Measures against list-type account hacking published by the Ministry of Internal Affairs and Communications of Japan

The Ministry of Internal Affairs and Communications of Japan published "Countermeasures against unauthorized login by list-type account hacking" on 2013/12/18.

It cites blocking communication from a particular IP address, once the number of login requests from that address exceeds a threshold, as an effective countermeasure.

● Countermeasures against list-type account hacking (overview / detail)

  Measures to prevent the spread of damage caused by an attack

    2. Interruption of communication from a particular IP address
       Block login requests from a particular IP address once they reach or exceed a threshold


Source: "Countermeasures against unauthorized login by list-type account hacking (a collection of measures for website administrators such as Internet service providers)" (Ministry of Internal Affairs and Communications)
(http://www.soumu.go.jp/menu_news/s-news/01ryutsu03_02000063.html)
(accessed December 28, 2014)

Implementing this at the application layer is difficult in terms of performance and operations, but it becomes feasible by introducing jamhelper.
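The per-IP threshold measure described above (and the "cut off a short burst of access from the same user" observation in the previous section) can be shown in working code. The following is an added example, not jamhelper's code and not text from the MIC document: a sliding-window counter that blocks an IP once it sends more than a threshold of login requests within the window, replayed over constructed sample log lines. The window (60 s), threshold (5 requests) and block duration (300 s) are assumed values; the log format and the sample IPs and accounts are constructed for the example. It also records how many distinct accounts each IP tried, because the page's own description of the attack (one or two attempts per account, many accounts) is exactly what a per-account counter misses and a per-IP account count exposes.

```python
"""Threshold-based blocking of login requests per source IP (added example).

Not jamhelper's code and not the MIC document's text. WINDOW, THRESHOLD and
BLOCK_FOR are assumed values; SAMPLE_LOG is constructed for the example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)        # assumed: count login requests per IP over 60 s
THRESHOLD = 5                         # assumed: more than 5 requests in the window -> block
BLOCK_FOR = timedelta(seconds=300)    # assumed: how long a blocked IP stays blocked


class LoginRateLimiter:
    """Sliding-window login-request counter keyed by client IP."""

    def __init__(self, window=WINDOW, threshold=THRESHOLD, block_for=BLOCK_FOR):
        self.window = window
        self.threshold = threshold
        self.block_for = block_for
        self.events = defaultdict(deque)   # ip -> timestamps of recent login requests
        self.blocked_until = {}            # ip -> datetime until which the IP is blocked

    def check(self, ts, ip):
        """Return "ALLOW" or "BLOCK" for one login request at time ts from ip."""
        until = self.blocked_until.get(ip)
        if until is not None and ts < until:
            return "BLOCK"                 # still inside an earlier block period
        recent = self.events[ip]
        while recent and ts - recent[0] >= self.window:
            recent.popleft()               # drop requests that fell out of the window
        recent.append(ts)
        if len(recent) > self.threshold:
            self.blocked_until[ip] = ts + self.block_for
            return "BLOCK"
        return "ALLOW"


# Constructed sample log: "<timestamp> <client IP> <account> <login result>".
# 203.0.113.10 tries a different account on every request (the list-attack pattern);
# 198.51.100.7 is a single user retrying a mistyped password.
SAMPLE_LOG = """\
2014-12-28T10:00:00 203.0.113.10 alice FAIL
2014-12-28T10:00:01 203.0.113.10 bob OK
2014-12-28T10:00:02 203.0.113.10 carol FAIL
2014-12-28T10:00:03 203.0.113.10 dave OK
2014-12-28T10:00:04 203.0.113.10 erin OK
2014-12-28T10:00:05 203.0.113.10 frank FAIL
2014-12-28T10:00:30 198.51.100.7 alice FAIL
2014-12-28T10:00:45 198.51.100.7 alice OK
2014-12-28T10:05:00 203.0.113.10 grace OK
2014-12-28T10:06:00 203.0.113.10 heidi OK
"""


def parse_line(line):
    """Split one constructed log line into (datetime, ip, account, result)."""
    ts, ip, account, result = line.split()
    return datetime.fromisoformat(ts), ip, account, result


def replay(log_text, limiter=None):
    """Run every log line through the limiter; return per-request decisions and per-IP stats."""
    limiter = limiter or LoginRateLimiter()
    decisions = []
    stats = defaultdict(lambda: {"requests": 0, "accounts": set(), "successes": 0, "blocked": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, account, result = parse_line(line)
        decision = limiter.check(ts, ip)
        decisions.append((ip, account, decision))
        s = stats[ip]
        s["requests"] += 1
        s["accounts"].add(account)          # distinct accounts tried from this IP
        if decision == "BLOCK":
            s["blocked"] += 1
        elif result == "OK":
            s["successes"] += 1             # logins that actually went through
    summary = {ip: {"requests": s["requests"], "accounts": len(s["accounts"]),
                    "successes": s["successes"], "blocked": s["blocked"]}
               for ip, s in stats.items()}
    return decisions, summary


if __name__ == "__main__":
    decisions, summary = replay(SAMPLE_LOG)
    for ip, account, decision in decisions:
        print(f"{ip:14} {account:6} {decision}")
    for ip, s in summary.items():
        print(ip, s)
```

In the replay, 203.0.113.10 is blocked from its sixth request onward, stays blocked at 10:05:00 because the block period has not expired, and is allowed again at 10:06:00 once both the block and the window have lapsed; the retrying user on 198.51.100.7 is never blocked. The per-IP summary shows the other signal worth alerting on: eight requests against eight distinct accounts from one address, versus two requests against one account for the legitimate user. Two caveats for production use: a per-IP threshold does nothing against an attacker who spreads the list across many addresses, which is why the distinct-accounts-per-IP count and login success rate belong in the same report, and clients behind a shared NAT or proxy can trip the threshold legitimately, so the threshold should be tuned from the site's own login logs rather than taken from this example.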


Reported damage from list-type account hacking

The number of companies damaged by list-type account hacking (list-type attacks), as aggregated by JPCERT/CC from published information, has changed as follows
(since April 2013).

Change in the number of companies damaged by list-type account hacking (list-type attack)

Source: JPCERT/CC, "STOP!! Password reuse!! Password list attack" (call for prevention of unauthorized login)
https://www.jpcert.or.jp/pr/2014/pr140004.html

Copyright(c) 2014 jamhelper All Rights Reserved.