Okta: Credential-Stuffing Attacks Spike via Proxy Networks

Published : 23/11/2024   Category : security




Okta warns users that the attack requests are made through an anonymizing service like Tor or various commercial proxy networks.



Credential-stuffing attacks targeting online services are spiking due to the accessibility of residential proxy services, stolen credentials, and scripting tools, Okta is warning its users.
From April 19 through April 26, Okta's researchers observed an increase in credential-stuffing attacks against Okta accounts.
Moussa Diallo and Brett Winterford, researchers at Okta Security, note that all recent attacks share a common denominator: The requests are made largely through an anonymizing service such as Tor.
In addition to this, the researchers found that millions of requests were routed through various residential proxies such as NSOCKS and DataImpulse. These residential proxies are networks of legitimate user devices that route traffic on behalf of a paid subscriber. The researchers have recently observed a significant number of mobile devices used in proxy networks where the user has downloaded an app that uses compromised software development kits (SDKs).
"Effectively, the developers of these apps have consented to or have been tricked into using an SDK that enrolls the device of any user running the app in a residential proxy network," the researchers wrote. "The net sum of this activity is that most of the traffic in these credential-stuffing attacks appears to originate from the mobile devices and browsers of everyday users."
Okta has released a capability into the Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) that blocks requests from anonymizing services. This feature can be turned on in the settings of the Okta Admin Console. Organizations that want to block access from specific anonymizers must be licensed to use Dynamic Zones, an Adaptive MFA feature.
Okta also recommends that its users shore up best-practice defense measures to prevent account takeovers from credential-stuffing attacks.
"Defense-in-depth measures, such as utilizing multifactor authentication on externally available employee access portals as well as sensitive internal systems, are needed here," said Thomas Richards, principal consultant at Synopsys Software Integrity Group, in an emailed statement to Dark Reading. "Additionally, there are anomalous behavior detection systems that can identify if a user is logging in at an unusual time, physical location, or source IP address."
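Because the traffic described above is spread across many residential devices, a per-IP failure threshold sees almost nothing. The following added example (not from Okta or the original article) contrasts that control with a tenant-wide check over a time window; the event tuple layout, thresholds, and sample data are constructed assumptions, not Okta's System Log schema.

```python
from collections import Counter, defaultdict

def make_sample():
    """Constructed events: (epoch_seconds, source_ip, username, outcome)."""
    # Baseline: four staff accounts signing in from one office IP.
    ev = [(i * 30, "198.51.100.10", f"staff{i % 4}", "SUCCESS") for i in range(22)]
    # Burst: 60 accounts, each tried once from a different proxy exit IP.
    ev += [(600 + i, f"203.0.113.{i + 1}", f"victim{i}", "FAILURE") for i in range(60)]
    ev.append((640, "198.51.100.10", "staff1", "FAILURE"))  # ordinary typo
    return ev

def per_ip_offenders(events, threshold=10):
    """Classic control: source IPs with many failures. Blind to proxy spread."""
    fails = Counter(ip for _, ip, _, outcome in events if outcome == "FAILURE")
    return sorted(ip for ip, n in fails.items() if n >= threshold)

def stuffing_windows(events, window=300, min_users=25, max_per_ip=3.0,
                     min_fail_ratio=0.8):
    """Flag windows where many distinct accounts fail from many low-volume IPs.

    Thresholds are illustrative assumptions; tune them against real baselines.
    """
    buckets = defaultdict(list)
    for ts, ip, user, outcome in events:
        buckets[ts // window * window].append((ip, user, outcome))
    flagged = []
    for start in sorted(buckets):
        rows = buckets[start]
        fails = [(ip, user) for ip, user, outcome in rows if outcome == "FAILURE"]
        if not fails:
            continue
        users = {user for _, user in fails}
        ips = {ip for ip, _ in fails}
        per_ip = len(fails) / len(ips)
        fail_ratio = len(fails) / len(rows)
        if (len(users) >= min_users and per_ip <= max_per_ip
                and fail_ratio >= min_fail_ratio):
            flagged.append({"start": start, "failed_users": len(users),
                            "source_ips": len(ips),
                            "failures_per_ip": round(per_ip, 2),
                            "fail_ratio": round(fail_ratio, 2)})
    return flagged

if __name__ == "__main__":
    sample = make_sample()
    print("per-IP offenders:", per_ip_offenders(sample))
    for hit in stuffing_windows(sample):
        print("suspicious window:", hit)
```

On the constructed sample the per-IP control returns no offenders, while the window check flags the burst because 61 distinct accounts fail at roughly one attempt per source IP.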
