Why Was DraftKing Targeted? Expert Weighs In

Our Information Security Experts reacted below on why gambling sites were particularly vulnerable or of interest to credential stuffing attacks.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Timothy.morris
Timothy.morris , Technology Strategist
InfoSec Expert
November 23, 2022 3:05 pm

This is an interesting case as gambling sites are inherently attractive to criminals because they’re typically tied to users’ bank account. Plus, gambling is considered taboo for some which makes them less likely to come forward if victimized, thus creating prime targets.

These factors combine to be an ideal attack vector for an old favorite – “credential stuffing.” It has been around for a long time but has risen in popularity this year stemming from large credential (user id/email & password pairs) lists becoming readily available. These compiled and aggregated lists make it easy for attackers to automate their attacks, attempting multiple account logons per second.

Last edited 5 days ago by timothy.morris
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x