Miscellaneous 3 min. read

What you need to know about distributed guessing attacks

What you need to know about distributed guessing attacks

Data protection VPN

Do you frequently use your Visa credit or debit card for payments when visiting e-commerce stores? You may have to think twice the next time you make transactions through these sites. Researchers at the Newcastle University in Newcastle upon Tyne, United Kingdom have recently discovered a new form of attack used by hackers to hack card accounts without having any card details.

Using this method of attack, called a Distributed Guessing Attack, allows hackers to find out the card number, expiry date and security code of any credit or debit card by merely using guesswork. Using a distribution bot, attackers distribute guesses across hundreds of online retail sites to validate them by analyzing the replies, using the identification number of a bank as a starting point.

The process could take as quick as six seconds and is highly effective, as attacks involving hundreds of online retailers can net them at least 10 hits.

According to the researchers, users who are at risk of being victimized by these distributed attacks are only those that have Visa credit and debit cards. The researchers said MasterCard’s centralized network was able to detect the attacks after less than 10 attempts, even with payments across various networks.

In 2015, Visa had the largest market share in terms of purchase transactions on global cards at 126.1 billion, taking up 56 percent of the global market.

The researchers noted the inability of the network and the banks to detect the attempts of hackers to get payment card data using the distributed attack method. This vulnerability is said to be among the largest factors that enable success for distributed guessing attacks.

Mohammed Ali, a PhD student at the university’s School of Computing Science and the paper’s lead author, pointed out that the current online payment system is not able to detect multiple invalid payment requests from various websites. This allows unlimited guesses on each card data field, allowing hackers to use up to the allowed number of attempts on each website when carrying out attacks.

Protect your data via Hotspot Shield data protection VPN

Hotspot Shield protects your data from being used by hackers to verify their guessing attacks. It is a data protection VPN that uses an advanced encryption system that provides a secure tunnel for all your information to go through. This protects all your incoming and outgoing information, preventing hackers and snoopers from intercepting them.

Hotspot Shield data protection VPN also ensures that all of your online payment transactions don’t leave any trail. With this, even information that are seemingly insignificant for hackers (but they can actually use to verify their guesses) are concealed.

The best part is that you don’t have to pay anything for this because Hotspot Shield VPN can be downloaded for free!

Download Hotspot Shield for worry-free online sessions

What’s more, Hotspot Shield has a number of other benefits that allow you to maximize your online sessions, including access to restricted and region-locked content, protection against online malware attacks, anonymous online browsing, and IP address masking, among others. You can find more about the other benefits of our data protection VPN here.

Download Hotspot Shield VPN now and enjoy secure and worry-free online transactions! Visit our website to learn more about Hotspot Shield VPN’s features, and don’t forget to read our other blogs for more tips on online security and content access.

Get the latest stories and tips from Hotspot Shield in your inbox