April 29, 2024 at 07:19AM
Okta has warned of a surge in credential stuffing attacks utilizing anonymity services, such as Tor, and residential proxies. These attacks leverage stolen credentials to compromise online accounts. The increase in activity may be linked to a recent global brute-force campaign on VPN and SSH services. Okta recommends measures such as blocking anonymous requests and implementing multi-factor authentication to mitigate these threats.
Based on the meeting notes, the key takeaways are:
– Okta has observed a significant increase in credential stuffing attacks leveraging anonymizing services like The Onion Router (Tor) network, residential proxies such as DataImpulse, Luminati, and NSocks, and mobile devices enrolled in residential proxy networks without the users’ knowledge.
– These attacks have targeted various online services, VPN services, web application authentication interfaces, and SSH services using previously stolen credentials, generic usernames, and valid usernames for specific organizations.
– Cisco has also warned about a mass brute-force campaign that involves similar anonymizing infrastructure and does not appear to target specific geography or industry vertical.
– To mitigate the risk of these attacks, Okta recommends blocking requests from anonymizing services, IPs involved in such activity, implementing good password hygiene, multi-factor authentication (MFA), passwordless authentication, and monitoring and responding to anomalous behavior.
Let me know if you need further information or assistance!