Okta warns of “unprecedented” credential stuffing attacks on customers

April 27, 2024 at 10:56AM

Okta warns of a surge in credential stuffing attacks targeting its systems, routed through the Tor network and residential proxies. The attacks are successful against some customers, particularly those running Okta Classic Engine with ThreatInsight in Audit-only mode and not denying access from anonymizing proxies. Okta suggests measures to proactively block these attacks, including enabling ThreatInsight in Log and Enforce mode and using the Okta Identity Engine. More generic recommendations to mitigate account takeover risk are also provided.

Summary:

– Okta has reported a significant increase in credential stuffing attacks targeting its identity and access management solutions, resulting in breaches of customer accounts.
– Threat actors are using automated credential stuffing to compromise user accounts with lists of usernames and passwords obtained from cybercriminals.
– The attacks are believed to originate from the same infrastructure used in the brute-force and password-spraying attacks previously reported by Cisco Talos.
– Okta observed that the attacks were successful for a small percentage of customers, particularly against organizations running on the Okta Classic Engine with ThreatInsight configured in Audit-only mode and those not denying access from anonymizing proxies.
– Okta recommends specific actions to block these attacks, including enabling ThreatInsight in Log and Enforce mode, denying access from anonymizing proxies, switching to Okta Identity Engine, and implementing Dynamic Zones for IP management and geolocation-based access control.
– Additionally, Okta provides generic recommendations to mitigate the risk of account takeover, such as passwordless authentication, multi-factor authentication enforcement, use of strong passwords, denying requests outside company locations, blocking IP addresses of ill repute, and monitoring and responding to anomalous sign-ins.
– BleepingComputer sought further information from Okta regarding the affected customer percentage and impact.
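
One way to act on the "monitoring and responding to anomalous sign-ins" recommendation above, as an added example that is not Okta's code or log schema: it flags source IPs that try many distinct usernames and mostly fail, then lists the accounts that did authenticate from those sources. The event fields, sample data and thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sign-in events; the field layout is hypothetical, not Okta's log schema.
# (source_ip, username, outcome, via_anonymizer)
EVENTS = [
    ("203.0.113.10", "alice", "FAILURE", True),
    ("203.0.113.10", "bob", "FAILURE", True),
    ("203.0.113.10", "carol", "FAILURE", True),
    ("203.0.113.10", "dave", "SUCCESS", True),
    ("203.0.113.10", "erin", "FAILURE", True),
    ("198.51.100.7", "frank", "FAILURE", False),
    ("198.51.100.7", "frank", "FAILURE", False),
    ("198.51.100.7", "frank", "SUCCESS", False),
    ("192.0.2.44", "grace", "SUCCESS", False),
]


def find_stuffing(events, min_users=4, min_fail_ratio=0.6):
    """Flag source IPs that try many distinct usernames and mostly fail.

    Credential stuffing replays leaked username/password pairs, so one source
    touches many accounts with few attempts each; a user mistyping a password
    touches a single account. Thresholds are illustrative assumptions.
    """
    by_ip = defaultdict(list)
    for ip, user, outcome, anon in events:
        by_ip[ip].append((user, outcome, anon))

    findings = {}
    for ip, rows in by_ip.items():
        users = {u for u, _, _ in rows}
        failures = sum(1 for _, o, _ in rows if o == "FAILURE")
        ratio = failures / len(rows)
        if len(users) >= min_users and ratio >= min_fail_ratio:
            findings[ip] = {
                "users": len(users),
                "fail_ratio": round(ratio, 2),
                "anonymizer": any(a for _, _, a in rows),
                # A success from a flagged source is a likely takeover:
                # these accounts are the first candidates for a reset.
                "compromised": sorted(u for u, o, _ in rows if o == "SUCCESS"),
            }
    return findings


if __name__ == "__main__":
    for ip, finding in find_stuffing(EVENTS).items():
        print(ip, finding)
```

The user who mistyped a password twice before succeeding (`frank`) is not flagged, because only one account was touched from that address.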
