What is Credential Stuffing?
Credential stuffing attacks, also known as account cracking , consist trying to get online accounts via password and username combos from existing data leaks or which were bought on dark web forums.
Depending on the fact that users keep using the same login for various accounts, credential stuffing attacks usually lead to significant financial damage caused by fraud purchases and system remediation and downtime, but also lead towards reputational damage.
How is the attack done?
The use of authentic credentials lets hackers to access accounts and services across different sectors, this includes healthcare, media companies, restaurant groups, retail chains, and food delivery firms.
Once the accounts are breached, the hackers make fake purchases of goods and services, trying to access extra online resources, this includes additional financial accounts. FBI warns that proxies and configurations let cybercriminals to automate exploitation and brute force of accounts.
FBI involved
FBI said in particular, media companies and restaurant groups are considered lucrative targets for credential stuffing attacks due to the number of customer accounts, the general demand for their services, and the relative lack of importance users place on these types of accounts.
FBI has issued a warning that hackers can buy combo lists of login credentials from dedicated platforms and websites with configs (configurations) that let hackers to modify credential stuffing tools for targeting victims.
The configuration consists HTTPS request format, website's address, how to identify successful attempts, if proxies are needed etc. The FBI also said that cybercriminals can get video tutorials to learn how credential stuffing can use to hack accounts.
Security Week says "to bypass defenses, threat actors may employ proxies, including legitimate proxy services, to obfuscate their actual IP addresses. According to the FBI, cybercriminals have extensively used residential proxies to execute credential stuffing attacks, as these are blocked less frequently compared to proxies associated with data centers."
