Radware Reveals Shift to Sophisticated Credential Stuffing Attacks Targeting APIs, AI Tools

Radware's new research report, "The Invisible Breach: Business Logic Manipulation and API Exploitation in Credential Stuffing Attacks," highlights a significant evolution in credential stuffing tactics from simple volume-based password attempts to complex, multi-stage infiltration methods involving business logic manipulation, multi-device spoofing, and API targeting. The report reveals that 94% of attack configurations use multiple business logic attack elements, with over half demonstrating advanced orchestration involving numerous techniques, while 83% of campaigns explicitly target APIs. Multi-device spoofing is also prevalent, with attackers frequently alternating between device types and platforms such as iOS and Windows. The technology and SaaS sectors are the primary targets, accounting for 27% of attacks, followed by financial services/government and travel/airline sectors. There is a notable focus on high-value AI tools, which constitute 44% of technology targets, and corporate tools like Microsoft 365, OneDrive, and Outlook, which are attractive targets for ransomware groups seeking initial system access. Radware stresses the need for organizations to move beyond traditional credential-centric defenses and adopt comprehensive security strategies that monitor entire user journeys and detect suspicious patterns in business logic flows to counter these sophisticated threats.