Sander Vinberg, F5 Threat Researcher; Brandon Dunlap, Moderator
Changes in how we design, build, run and secure information systems have also changed how we look at authentication and access control. The emerging concept of identity is transforming the ways that humans and non-human actors alike make use of data and compute power. At the same time, the emergence of identity as a focus for organizations also means that it has become a focus for attackers. To assess the ways that old and new attacks are targeting digital identities, F5 Labs is presenting findings from our 2023 Identity Threat Report: The Unpatchables.
On September 19, 2023 at 1:00 p.m. Eastern/10:00 a.m. Pacific this session will focus on credential stuffing. This will be the first of two sessions. We will quantify its prevalence, explore targeting trends such as attackers’ choice of industries and endpoints, and outline credential stuffing tactics, techniques and procedures (TTPs). We will also take a deeper look into some case studies, with a particular focus on the differences between basic and sophisticated attacks. This talk will also assess the stolen credentials supply chain before focusing on mitigation strategies for combating credential stuffing.