Fraudulent registration attempts the top identity attack type in APAC

By contrast, credential stuffing attempts are, at 13.3% against organisations headquartered in the Asia-Pacific, well below the equivalent figures in the Americas (28%) and EMEA (20.2%).

The higher fraudulent registration attempt figure is likely to be a symptom of a less mature approach to identity security in the Asia Pacific, compared to other regions. This corresponds to the enablement of fewer security products and features among Okta’s APAC customers, compared to customers in other parts of the world.

Successful fraudulent registrations at business-to-consumer companies allow bad actors to exploit any incentives provided for consumers to create new customer accounts, degrade the experience of legitimate customers and divert business resources away from more valuable tasks.

Worldwide in H1 2023, nearly one quarter (24.3%) of login attempts on the Okta Customer Identity Cloud constitutes credential stuffing. Unsurprisingly, given the value of accounts in retail and ecommerce, companies in that industry were prime targets accounting for more than half (51.3%) of all credential stuffing events.

About one-seventh (13.9%) of attempted account registrations on the Okta Customer Identity Cloud met our criteria of a sign-up attack, with four industries standing out. These were financial services, with 28.8% of attempted account registrations classed as sign-up attacks, media (28.4%), manufacturing (25.1%) and software/SaaS/technology (24%).

The report noted that 12.7% of MFA bypass attempts were malicious, with media (12.8%), financial services (10.9%), manufacturing (7.8%) and software/SaaS/tech (6.4%) experiencing the highest proportions of MFA bypass attacks.

AI increases danger of threat landscape

Beyond these, the report acknowledges that artificial intelligence (AI) has made the threat landscape more perilous by enabling spear phishing at scale to target thousands of employees at a range of organisations. Other dangers include making low-quality, high intensity attacks such as credential stuffing and fraudulent registrations harder to detect and more effective, enabling new types of attacks, and overcoming some existing security measures such as CAPTCHAs and voice biometric systems.

Fortunately AI also provides opportunities to strengthen defences through further securing applications by design, improving automated threat detection and mitigating risk.

So how can businesses in the Asia Pacific minimise the risk presented by identity attacks? For a start, CIAM must rely on subtle security techniques to achieve a strong and resilient posture, while preserving convenient user experiences.

Because enterprise needs become more demanding while the threat landscape becomes more sophisticated, these techniques need to be tuned continuously to balance user experience, security and privacy, based on each organisation’s risk profile and appetite.

The answer? a best-of-breed CIAM solution with an agile, secure-by-design, defence-in-depth architecture is a highly effective approach to achieving Identity security.

To learn more about the State of Secure Identity, download our report here.