Findings From the 2023 Identity Threat Report, Pt 1: Credential Stuffing

Presented by

Sander Vinberg, F5 Threat Researcher; Brandon Dunlap, Moderator

About this talk

Changes in how we design, build, run and secure information systems have also changed how we look at authentication and access control. The emerging concept of identity is transforming the ways that humans and non-human actors alike make use of data and compute power. At the same time, the emergence of identity as a focus for organizations also means that it has become a focus for attackers. To assess the ways that old and new attacks are targeting digital identities, F5 Labs is presenting findings from our 2023 Identity Threat Report: The Unpatchables. On September 19, 2023 at 1:00 p.m. Eastern/10:00 a.m. Pacific this session will focus on credential stuffing. This will be the first of two sessions. We will quantify its prevalence, explore targeting trends such as attackers’ choice of industries and endpoints, and outline credential stuffing tactics, techniques and procedures (TTPs). We will also take a deeper look into some case studies, with a particular focus on the differences between basic and sophisticated attacks. This talk will also assess the stolen credentials supply chain before focusing on mitigation strategies for combating credential stuffing.
Related topics:

More from this channel

Upcoming talks (10)
On-demand talks (453)
Subscribers (143001)
ISC2 Security Briefings brings attendees both stand alone webcasts and multi-part series on cutting edge infosecurity topics that gets deeper into the subject matter and technologies presented by subject matter experts.