New data released by Australian web security firm Kasada has found that 90% of credential abuse attacks emanate from within Australia.
The firm’s inaugural Bots Down Under – An Australian Market Threat Report also found that 86% of Australia’s top 250 websites can’t differentiate between customers and bots.
In addition, it estimated the economic cost of bot attacks at $2,000,000 per breach.
Kasada CEO Sam Crowther said the report was designed to educate Australian businesses on the threat landscape distinct to Australia.
“Attacks, particularly credential abuse, have the capacity to compromise everything from a customer’s personal information to business, and even national, security,” he said.
“As many aspects of our lives are global – and much of our information now lives online – this shift places tremendous emphasis on businesses to protect and defend against potential threats.”
The report analysed two specific, actionable issues for businesses: bot geography, with Kasada deciphering how credential abuse attacks are delivered to companies through customer data; and bot visibility, which saw the company investigate whether Australia’s top websites can differentiate between browsers (real humans) and bots.
It found a growing number of internationally-based cybercriminals are routing attacks via homegrown networks, debunking the ‘Island Australia’ theory that geo-blocking guards against attacks. Furthermore, it was revealed that 90% of the country’s top websites were unable to differentiate a customer from a bot on login pages, which leaves bots free to attack, consume bandwidth, spike server costs and slow page loading.
Kasada said the economic impact of bot attacks on businesses had been well documented, with a cost equating to an average of $2 million across time, compensation and customer churn. “In 2018, credential abuse attacks represented the third-largest source of reported data breaches – which are not only damaging to any company’s reputation, but they impact customers and business operations long after the attack has taken place,” the company added.
The research was conducted using three different bot automation tools simulating a common credential abuse attack, allowing Kasada to determine whether a website could prevent a mock bot attack. The study was followed by an analysis of Kasada data from more than 100 credential abuse attacks to identify how the attacks are delivered.