HUMAN Releases The Quadrillion Report: 2024 Cyberthreat Benchmarks, Uncovers Nearly 150 Million Compromised Credential Pairs

By HUMAN

NEW YORK, NY — July 30, 2024 — HUMAN Security, Inc., the global cybersecurity leader in protecting enterprises by disrupting bot attacks, digital fraud, and abuse, today released The Quadrillion Report: 2024 Cyberthreat Benchmarks. Based on data gathered from the Human Defense Platform – which observed more than one quadrillion interactions in 2023 – the annual report reveals automated attack trends across fraud and security use cases, including account takeover, fake account fraud, transaction abuse, and web scraping.

According to the report, the Human Defense Platform blocked more than 352 billion attempts at account takeover, carding attacks, and web scraping across HUMAN’s customer base in 2023. Additionally, HUMAN identified more than 200,000 fake account creation attempts per company and 40,000 compromised accounts post-login per company partnering with HUMAN for account fraud protection. 

HUMAN Security continuously protects enterprises from threats, ensuring the customer journey remains secure. In 2023, HUMAN Security stopped an average of over one billion scraping attack attempts and 46 million carding attack attempts per company.

Additional takeaways from the report include:

    • Compromised credentials soar as threat actors use AI to crack them: Researchers uncovered nearly 150 million new compromised credential pairs, reflecting the continued value among hackers of account takeover attacks. The report notes that attackers are increasingly using AI to crack credentials, whereby they feed an LLM a username or email address, the bot searches for it in databases of compromised credentials, and then tries to figure out what a new password might be based on patterns in old ones. These attacks demonstrate why active research is crucial to protecting users from post-login compromise.
    • Large language model & AI mistrust abounds: The Human Defense Platform allows customers to allowlist or blocklist known LLM user-agents depending on whether they perceive LLMs crawling their website to be a net benefit or a net detriment. The report found that 80% opt to block LLMs outright, signifying a lack of trust in these models and the AI applications they support. However, even when threat actors use AI to make their account takeover attacks more powerful, the Human Defense Platform continues to spot and stop these attacks.
    • ATOs increasing in complexity: Account takeover (ATO) attacks continued in 2023 at roughly the same rate as 2022, making up a little more than 20% of all login requests. Account takeover attacks also grew in complexity in response to new security measures intended to stymie them. In September 2023, one retailer experienced an account takeover attack during which fraudulent login attempts made up 99.58% of all traffic to the account login page.
    • Financial services attract attackers’ attention: Due in no small part to the fact that there’s money “available,” financial services organizations experience a variety of attacks, largely focused on seizing that money. Nearly 99% of the traffic to login and payment pages was attempting to break into user accounts or steal information from a payment page.
    • Scraping attacks up in retail & e-commerce: Account takeover attacks on retail and e-commerce businesses remained consistent (about 27% of traffic on login pages) between 2022 and 2023. On the flip side, scraping attacks were — and remain — the biggest attack type targeting retail and e-commerce organizations.

“While different attack methods wax and wane in popularity, risk remains present at every stage of the customer journey,” said HUMAN CISO Gavin Reid. “However, enterprises can protect themselves by implementing good security hygiene and best practices on top of a comprehensive defensive platform.” 

HUMAN researchers found that the rate of attacks remained high year over year, but new and emerging tactics incorporating AI may take these threats in new directions in 2024 and beyond. HUMAN uses more than 2,500 individual signals and more than 400 algorithms to determine whether an interaction is legitimate or not, protecting websites, mobile apps, and APIs from a broad variety of automated attacks. HUMAN’s end-to-end visibility across the customer journey provides unmatched telemetry data, enabling high-fidelity decisioning to provide the trust and confidence in every interaction and transaction that customers deserve.

To download the full copy of The Quadrillion Report: 2024 Cyberthreat Benchmarks, please visit here. Please read our blog to learn more about the report’s findings.

About HUMAN
HUMAN is a cybersecurity company that protects organizations by disrupting bot attacks, digital fraud and abuse. We leverage modern defense to disrupt the economics of cybercrime by increasing the cost to cybercriminals while simultaneously reducing the cost of collective defense. Today we verify the humanity of more than 20 trillion digital interactions per week across advertising, marketing, e-commerce, government, education and enterprise security, putting us in a position to win against cybercriminals. Protect your digital business with HUMAN. To Know Who’s Real, visit www.humansecurity.com.