|
|
|
|
|
|
by graystevens
2895 days ago
|
|
|
I'll add another data point, from the consumer telecoms industry. 90% feels way too high from what we had to head with, even prior to implementing rate-limiting and other defences. We ended up tracking actors as they switched up their techniques to evade us and our defences, and ended up learning a lot about credential stuffing, the tools involved and some of the motives behind them attacking lesser-known websites. We ended up blogging about our findings, should anyone else have to deal with this cat and mouse fun: https://breachinsider.com/blog/2017/credential-stuffing-how-... |
|
|