Okta: Credential-Stuffing Attacks Spike via Proxy Networks

April 29, 2024 at 04:46PM

Credential-stuffing attacks on online services are rising, prompting Okta to issue an advisory to its users. Okta’s researchers noticed a surge in attacks on Okta accounts from April 19 to 26. The attacks are routed through anonymizing services like Tor and residential proxies such as NSOCKS, Luminati, and DataImpulse. Okta introduced a feature to block such requests and urges users to implement defensive measures.

Key Takeaways from Meeting Notes:

– Credential-stuffing attacks targeting online services are increasing due to the accessibility of residential proxy services, stolen credentials, and scripting tools.
– Okta researchers observed an uptick in credential-stuffing attacks against Okta accounts from April 19 through April 26.
– The attacks share a common denominator: requests are largely made through anonymizing services such as Tor, and millions of requests were routed through residential proxies like NSOCKS, Luminati, and DataImpulse.
– Mobile devices are increasingly enrolled in proxy networks, often through compromised software development kits (SDKs), which makes traffic from these devices a significant source of requests in these attacks.
– Okta has released a capability in Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) that blocks requests from anonymizing services, which can be activated in the Okta Admin Console settings.
– Use of Dynamic Zones, an Adaptive MFA feature, is required for organizations looking to block access from specific anonymizers.
– Okta recommends implementing best-practice defense measures, including utilizing multifactor authentication on externally available employee access portals and anomalous behavior detection systems to identify unusual login activities.
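
As an added illustration of the anomalous-login detection recommended above (example code written for this summary, not Okta's tooling or log schema): when attempts are spread across residential proxy exits, a per-IP failure threshold stays silent, so the check below aggregates failures per time window and counts distinct targeted accounts instead. The event tuple layout, the thresholds and the proxy flag (assumed to come from an IP-reputation feed) are hypothetical, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed events: (time, source IP, username, outcome, proxy flag)."""
    t0 = datetime(2024, 4, 20, 3, 0, 0)
    events = []
    # Distributed burst: 40 proxy exits, two different usernames each, all failing.
    for i in range(40):
        for j in range(2):
            events.append((t0 + timedelta(seconds=5 * i + j), f"198.51.100.{i}",
                           f"user{2 * i + j}", "FAILURE", True))
    # Ordinary user mistyping a password twice from one non-proxy address.
    for k, outcome in enumerate(["FAILURE", "FAILURE", "SUCCESS"]):
        events.append((t0 + timedelta(hours=2, seconds=20 * k), "203.0.113.7",
                       "alice", outcome, False))
    return events

def detect(events, min_users=20, min_fail_ratio=0.9, per_ip_limit=5):
    """Flag 10-minute windows where many distinct accounts fail at once."""
    buckets = defaultdict(list)
    for ev in events:
        ts = ev[0]
        start = ts.replace(minute=ts.minute - ts.minute % 10, second=0, microsecond=0)
        buckets[start].append(ev)
    findings = []
    for start, evs in sorted(buckets.items()):
        fails = [e for e in evs if e[3] == "FAILURE"]
        users = {e[2] for e in fails}
        per_ip = defaultdict(int)
        for e in fails:
            per_ip[e[1]] += 1
        if len(users) >= min_users and len(fails) / len(evs) >= min_fail_ratio:
            findings.append({
                "window_start": start,
                "failures": len(fails),
                "distinct_users": len(users),
                "distinct_ips": len(per_ip),
                "max_failures_per_ip": max(per_ip.values()),
                # A classic per-IP lockout rule would stay silent here.
                "per_ip_rule_fires": max(per_ip.values()) >= per_ip_limit,
                # Share of failures from sources an (assumed) reputation feed tags.
                "proxy_share": sum(e[4] for e in fails) / len(fails),
            })
    return findings

if __name__ == "__main__":
    for f in detect(build_sample()):
        print(f)
```

The thresholds are placeholders to be tuned against a tenant's normal failure baseline before alerting on them.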
