
The impact of credential stuffing attacks was substantial in 2024, driven by a vicious cycle of infostealer infections and data breaches. However, the situation may worsen with the emergence of Computer-Using Agents, a new type of AI agent that enables low-cost, low-effort automation of common web tasks, including those frequently performed by attackers.

Stolen credentials: the cybercriminal's weapon of choice in 2024

Stolen credentials were the most common attacker action observed in 2023/24, and the breach vector in 80% of web application attacks. This is not surprising given that billions of leaked credentials are circulating online, and attackers can obtain the latest batch for as little as $10 on criminal forums.

The black market for stolen credentials has benefited from the publicity surrounding high-profile breaches in 2024, such as the attacks on Snowflake customers using credentials found in data breach dumps and compromised credential feeds from infostealer and mass phishing campaigns. These attacks resulted in the compromise of 165 customer tenants and hundreds of millions of breached records.

Despite 2024 being an unprecedented year in terms of the impact of identity-based attacks, there is still significant untapped potential for attackers to exploit.

Credential attack automation — what’s changed with the shift to SaaS?

Brute forcing and credential stuffing are not new, and have been a key component of the cyber attacker toolkit for decades. However, it’s not as straightforward to automatically spray credentials across systems as it once was.

No more one-size-fits-all approach

Rather than a single centralized network with apps and data contained within an infrastructure perimeter, business IT now consists of hundreds of web-based apps and platforms, creating thousands of identities per organization.

This means that identities are now decentralized and distributed across the internet, rather than being held centrally in an identity system such as Active Directory and accessed through a common set of protocols and mechanisms.

While HTTP(S) is the common transport, modern web apps are complex and highly customized, each with its own graphically-driven login flow that differs from one app to the next. Moreover, modern web apps are designed to frustrate malicious automation through bot protections such as CAPTCHA.

As a result, custom tool development is required for every app that an attacker wants to target, rather than being able to write a single set of tools to use across any organization or environment.

Finding the needle in the haystack

Not only are there more environments for attackers to include in the scope of their attack, but there are also more credentials to work with.

There are approximately 15 billion compromised credentials available on the public internet, not including those found only in private channels or feeds. This list is constantly growing, with 244 million never-before-seen passwords and 493 million unique website and email address pairs being added to Have I Been Pwned from infostealer logs just last month.

Although this may seem alarming, it is challenging for attackers to harness this data. The vast majority of these credentials are old and invalid. A recent review of threat intelligence data by Push Security researchers found that fewer than 1% of stolen credentials included in feeds from a multi-vendor data set were actionable, meaning that more than 99% of "compromised" credentials were stale or otherwise unusable, effectively false positives.

However, not all of them are useless, as demonstrated by the Snowflake attacks, which successfully leveraged credentials dating back to 2020. Therefore, there are clearly valuable credentials waiting to be discovered by attackers.

Attackers are forced to prioritize

The distributed nature of apps and identities, and the low reliability of compromised credential data, means attackers are forced to prioritize.

  • Writing and running custom Python scripts for every single app (there are over 40,000 SaaS apps on the internet) is not realistic. Even if you focused on the top 100 or 1,000 apps, it would be a significant task requiring constant maintenance, while barely scratching the surface of the total opportunity.
  • Even when fully scripted and using a botnet to distribute the attack and avoid IP blocking, controls like rate limiting, CAPTCHA, and account lockouts can obstruct mass credential stuffing against a single app. A concentrated attack on a single site generates a significant volume of traffic if you want to get through 15 billion credential pairs in a reasonable timeframe, making it likely to raise the alarm.

As a result, attackers tend to target a smaller number of apps and only attempt direct matches, i.e. credentials leaked from the target app itself, rather than testing whether a credential from one app also works elsewhere.
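The two attack shapes described above, a concentrated attack from one source and a botnet-distributed one that stays under per-IP thresholds, leave different fingerprints in authentication logs. The following is an added example, not code from the article or from Push Security, showing how a defender can score both signals over a constructed log format (`<unix_ts> <src_ip> <username> <SUCCESS|FAIL>`) and pull out the credentials the attacker has just proven valid. The thresholds, the log format and the sample events are all assumptions made for the example.

```python
"""Credential-stuffing detection over authentication logs (added example).

Constructed log format, one event per line:
    <unix_ts> <src_ip> <username> <SUCCESS|FAIL>
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthEvent:
    ts: int
    src_ip: str
    user: str
    ok: bool


def parse_log(text):
    events = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append(AuthEvent(int(ts), ip, user, result == "SUCCESS"))
    return events


def per_source_stuffing(events, min_users=5, min_fail_ratio=0.8):
    """Signal 1: one source tries many distinct accounts and mostly fails.
    Catches a concentrated attack, but not a botnet spreading a couple of
    attempts over each of many addresses."""
    users, fails, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for e in events:
        users[e.src_ip].add(e.user)
        total[e.src_ip] += 1
        fails[e.src_ip] += 0 if e.ok else 1
    flagged = {}
    for ip, n in total.items():
        ratio = fails[ip] / n
        if len(users[ip]) >= min_users and ratio >= min_fail_ratio:
            flagged[ip] = {"distinct_users": len(users[ip]), "fail_ratio": ratio}
    return flagged


def distributed_stuffing(events, window=300, min_sources=10,
                         max_users_per_source=3, min_fail_ratio=0.8):
    """Signal 2: within one time window, many sources each try only a few
    accounts and the window as a whole is dominated by failures. No single
    source crosses a per-IP threshold, so the aggregate view is required."""
    buckets = defaultdict(list)
    for e in events:
        buckets[(e.ts // window) * window].append(e)
    alerts = []
    for start, evs in sorted(buckets.items()):
        per_src = defaultdict(set)
        for e in evs:
            per_src[e.src_ip].add(e.user)
        if len(per_src) < min_sources:
            continue
        low_volume = sum(1 for u in per_src.values() if len(u) <= max_users_per_source)
        fail_ratio = sum(0 if e.ok else 1 for e in evs) / len(evs)
        if low_volume / len(per_src) >= 0.9 and fail_ratio >= min_fail_ratio:
            alerts.append({"window_start": start, "sources": len(per_src),
                           "fail_ratio": fail_ratio})
    return alerts


def confirmed_hits(events, flagged_ips, alerts, window=300):
    """Successful logins inside flagged activity: stolen credentials the
    attacker has just proven valid. Rotate them; a legitimate login that
    happens to fall in a flagged window will also appear here, so triage."""
    starts = {a["window_start"] for a in alerts}
    hits = set()
    for e in events:
        in_window = (e.ts // window) * window in starts
        if e.ok and (e.src_ip in flagged_ips or in_window):
            hits.add(e.user)
    return hits


# Constructed sample: normal logins, then one host trying eight accounts,
# then twelve addresses (198.51.100.1-12) each trying only two accounts.
SAMPLE_LOG = """
10 10.0.0.1 alice SUCCESS
20 10.0.0.2 bob SUCCESS
30 10.0.0.3 carol FAIL
35 10.0.0.3 carol SUCCESS
40 10.0.0.4 dave SUCCESS
300 203.0.113.5 alice FAIL
310 203.0.113.5 bob FAIL
320 203.0.113.5 carol FAIL
330 203.0.113.5 dave FAIL
340 203.0.113.5 erin FAIL
350 203.0.113.5 frank FAIL
360 203.0.113.5 grace SUCCESS
370 203.0.113.5 heidi FAIL
""" + "\n".join(
    f"{600 + 10 * k} 198.51.100.{k} user{2 * k - 1} FAIL\n"
    f"{605 + 10 * k} 198.51.100.{k} user{2 * k} {'SUCCESS' if k == 7 else 'FAIL'}"
    for k in range(1, 13)
)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    src = per_source_stuffing(evs)
    dist = distributed_stuffing(evs)
    print("concentrated sources:", src)
    print("distributed windows:", dist)
    print("credentials to rotate:", confirmed_hits(evs, src, dist))
```

Run stand-alone, the per-source check flags only 203.0.113.5; the twelve botnet addresses each stay below `min_users` and are caught only by the windowed aggregate. The two successes inside flagged activity (`grace` and `user14`) are the valid credentials to reset.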

A missed opportunity?

The situation regarding credential stuffing attacks is already severe, but things could be significantly worse.

Password reuse means a single compromised account could lead to many

If attackers were able to increase the scale of their attacks to target a broader number of apps, they could take advantage of all-too-common password reuse. According to a recent investigation of identity data, on average:

  • 1 in 3 employees reuse passwords
  • 9% of identities have a reused password and no MFA
  • 10% of IdP accounts (used for SSO) have a non-unique password

This means that if a stolen credential is valid, there’s a good chance it can be used to access more than one account, on more than one app.
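To see how the three figures above are computed, and how one valid credential turns into several accounts, here is an added example (not code from the article or Push Security) that audits a constructed set of accounts. It assumes each account carries a keyed password fingerprint computed at login time so that equal passwords are comparable across apps; per-app salted hashes cannot be compared this way, and the fingerprint key, the account list and the app names are all assumptions made for the example.

```python
"""Password-reuse audit over a set of identities (added example).

Assumes a per-account password fingerprint (a keyed hash computed where the
plaintext is available, e.g. in the browser at login) so that the same
password on two apps yields the same fingerprint. Per-app salted hashes
from each service would not be comparable.
"""
import hashlib
import hmac
from collections import defaultdict
from dataclasses import dataclass

FP_KEY = b"example-fingerprint-key"  # assumed secret for the example only


def fingerprint(password: str) -> str:
    """Keyed fingerprint, so the audit data is not an unsalted crackable hash."""
    return hmac.new(FP_KEY, password.encode(), hashlib.sha256).hexdigest()[:16]


@dataclass(frozen=True)
class Account:
    user: str
    app: str
    pw_fp: str
    mfa: bool
    is_idp: bool = False


def _counts(accounts):
    """(user, fingerprint) -> how many of that user's accounts share it."""
    counts = defaultdict(int)
    for a in accounts:
        counts[(a.user, a.pw_fp)] += 1
    return counts


def is_reused(account, counts):
    return counts[(account.user, account.pw_fp)] >= 2


def audit(accounts):
    """The three reuse figures: users reusing, reused-and-no-MFA accounts,
    and IdP (SSO) accounts whose password is also used elsewhere."""
    counts = _counts(accounts)
    users = {a.user for a in accounts}
    users_reusing = {a.user for a in accounts if is_reused(a, counts)}
    reused_no_mfa = [a for a in accounts if is_reused(a, counts) and not a.mfa]
    idp = [a for a in accounts if a.is_idp]
    idp_non_unique = [a for a in idp if is_reused(a, counts)]
    return {
        "users": len(users),
        "users_reusing": len(users_reusing),
        "accounts": len(accounts),
        "reused_no_mfa": len(reused_no_mfa),
        "idp_accounts": len(idp),
        "idp_non_unique": len(idp_non_unique),
        "pct_users_reusing": 100 * len(users_reusing) / len(users),
        "pct_reused_no_mfa": 100 * len(reused_no_mfa) / len(accounts),
        "pct_idp_non_unique": 100 * len(idp_non_unique) / len(idp),
    }


def blast_radius(accounts, user, pw_fp):
    """Every app a single stolen (user, password) pair unlocks. This is what
    a stuffing attack that only tries direct matches never discovers."""
    return sorted(a.app for a in accounts if a.user == user and a.pw_fp == pw_fp)


# Constructed sample; plaintexts exist here only to build fingerprints.
SAMPLE_ACCOUNTS = [
    Account("alice", "okta", fingerprint("Winter2024!"), mfa=True, is_idp=True),
    Account("alice", "salesforce", fingerprint("Winter2024!"), mfa=False),
    Account("alice", "github", fingerprint("gh-unique-1"), mfa=True),
    Account("bob", "okta", fingerprint("b-idp-unique"), mfa=True, is_idp=True),
    Account("bob", "slack", fingerprint("Summer!23"), mfa=False),
    Account("bob", "notion", fingerprint("Summer!23"), mfa=False),
    Account("carol", "okta", fingerprint("c-idp"), mfa=True, is_idp=True),
    Account("carol", "zoom", fingerprint("c-zoom"), mfa=False),
    Account("dave", "okta", fingerprint("d-idp"), mfa=False, is_idp=True),
    Account("dave", "jira", fingerprint("d-jira"), mfa=True),
    Account("erin", "okta", fingerprint("Erin#2024"), mfa=True, is_idp=True),
    Account("erin", "hubspot", fingerprint("Erin#2024"), mfa=True),
    Account("frank", "github", fingerprint("f-gh"), mfa=True),
]


if __name__ == "__main__":
    for k, v in audit(SAMPLE_ACCOUNTS).items():
        print(f"{k}: {v}")
    # A Slack credential for bob leaked in a breach also opens Notion.
    print("bob/Summer!23 unlocks:", blast_radius(SAMPLE_ACCOUNTS, "bob", fingerprint("Summer!23")))
```

In the sample, alice's Salesforce password is her Okta password with MFA off, which is the worst combination: a valid SaaS credential that is also the SSO credential. Dave's Okta account has no MFA but a unique password, so it does not count under the reuse metric even though it is weak for a different reason.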

Scaling credential attacks with Computer-Using Agents

Until now, the impact of AI on identity attacks has been limited to the use of LLMs for creating phishing emails, AI-assisted malware development, and social media bots. However, with the launch of OpenAI Operator, a new kind of “Computer-Using Agent,” this could be about to change.

Operator is trained on a specialist dataset and implemented in its own sandboxed browser, allowing it to perform common web tasks like a human.

Demo: Using Operator to conduct credential stuffing attacks at scale

Researchers at Push Security put the malicious use-cases of Operator to the test, using it to identify which companies have an existing tenant on a list of apps and attempt to log in to various app tenants with a provided username and password.

Impact summary

The results were significant, demonstrating the ability to target a list of apps with compromised credentials and perform in-app actions. This could be scaled up to target a much broader range of apps, taking advantage of password reuse and converting compromised credentials into systemic breaches.

Final thoughts

It’s still early days for CUA technology, but there’s a clear indication that an already severe security challenge could be made worse by this particular form of AI-driven automation. The ability to target a broad set of apps has previously been beyond the reach of traditional automation; it is about to become much more accessible, even to low-skilled attackers.

Operator means that attackers can leverage compromised credentials at scale, take advantage of vulnerable and misconfigured identities, and convert them into systemic breaches more easily. Thankfully, no new anti-AI capabilities are required, but it’s more important than ever that organizations defend their identity attack surface and find and fix identity vulnerabilities before attackers can take advantage of them.

Find out more

If you want to learn more about identity attacks and how to stop them, check out Push Security. You can book a demo or try out their browser-based platform for free.

And if you want to see more malicious use cases of Operator, check out this on-demand webinar.

This article is a contributed piece from one of our valued partners.
