83 percent of credential stuffing campaigns target APIs

No Comments

According to new research from Radware 83 percent of credential stuffing campaigns include explicit API-targeting techniques.

The report shows a shift in credential stuffing attacks, underscoring a fundamental transformation from volume-based attacks leveraging a series of repeated password attempts to more sophisticated, multi-stage infiltration techniques.

“To bypass traditional defenses, modern credential stuffing attacks are shifting away from traditional password-spraying techniques in favor of business logic manipulation, cross-platform device spoofing, and strategic API exploitation,” says Arik Atar, senior cyber threat intelligence researcher at Radware. “The message for defending organizations is clear. To match this new reality, they must move beyond credential-centric controls to adopt security strategies that validate entire user journeys, correlate cross-request behavior, and detect suspicious patterns in business logic flows.”

Other advanced attack techniques highlighted by the report include business logic attacks, with 94 percent of configurations implementing four or more business logic attack elements, and 54 percent demonstrating advanced orchestration, using 13 or more distinct techniques.

Multi-device spoofing is increasingly common too with 24 percent of attack scripts alternating between two device types during execution, and 71 percent employing cross-platform transitions, primarily between iOS and Windows.

The technology/SaaS sector has emerged as the primary target (27 percent), followed by financial services/government (16 percent), and the travel/airline (13 percent) sectors. There is a significant shift toward high-value AI tools (44 percent of all technology targets), potentially exploited by spammers who engage in account cracking to create large-scale phishing content. In addition, corporate tools (30 percent), including Microsoft 365, OneDrive, and Outlook, are likely targets for ransomware groups seeking initial access to organizational systems.

You can find out more in the full report, available from the Radware site.

Image credit: [email protected]/depositphotos.com

No Comments
Got News? Contact Us

Recent Headlines

83 percent of credential stuffing campaigns target APIs

Attacks evolve too quickly for businesses to maintain truly resilient security

Google is testing an iOS-style navigation feature for Chrome

Companies pay multiple ransoms as attackers step up threat levels

Sudden Dropbox Passwords closure leaves users seeking alternatives

Almost half of enterprises not prepared for quantum threats

Cooler Master launches MasterFrame 500 Mesh open-frame ATX chassis

Most Commented Stories

Windows 11 25H2 has a new option to remove all unwanted Microsoft apps

42 Comments

This new Windows 11 clone is actually Linux and runs faster on your old PC -- get it now

29 Comments

Half of Americans think AI is a threat, the other half don't. Who's right?

10 Comments

This ergonomic AI mechanical keyboard is built for modern productivity

7 Comments

UpDownTool lets you move from Windows 11 to Windows 10 in just 5 clicks -- without losing any data

6 Comments

Never mind Windows 11, Windows Classic Remastered is the nostalgic Microsoft operating system you didn't know you wanted

6 Comments

IObit Software Updater 8 makes app updates faster and safer -- download it now

5 Comments

Facebook introduces the biggest change to text posts in years

5 Comments

© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.