Proxies and Configurations Used for Credential Stuffing Attacks

Threat actors are compromising home IP addresses to conceal credential stuffing attacks and improve their odds of success, the FBI says.

About the attack


Credential stuffing is a common method of account hijacking in which attackers take large lists of compromised username and password combinations and try them in bulk across many websites and apps to see which still work. Because some users reuse the same password on several services, the trick often succeeds.

How are stolen credentials used?

Working credentials are then sold to others for early access. The FBI said a config may include the website address to target, how to form the HTTP request, how to differentiate between a successful and an unsuccessful login attempt, whether proxies are needed, and so on.

In addition, cracking tutorial videos available via social media platforms and hacker forums make it relatively easy to learn how to crack accounts using credential stuffing and other techniques.

Leveraging proxies and configurations automates the process of attempting logins across various sites and facilitates exploitation of online accounts. 

Who are the victims?

In particular, media companies and restaurant groups are considered lucrative targets for credential stuffing attacks due to the number of customer accounts, the general demand for their services, and the relative lack of importance users place on these types of accounts. 

The Australian Federal Police and the FBI discovered two websites holding more than 300,000 sets of credentials obtained via credential stuffing.

How many users were affected?

The sites had more than 175,000 registered users and made around $400,000 in sales. Website administrators can spot this kind of malicious activity if they know what to look for, which is where residential proxies come in.

Cyber criminals may also target a company’s mobile applications as well as the website. Mobile applications, which often have weaker security protocols than traditional web applications, frequently permit a higher rate of login attempts, known as checks per minute (CPMs), facilitating faster account validation.

Experts believe that by breaching home routers or other connected devices, attackers can route their login attempts through benign-looking residential IPs to evade network defenders.

Existing security controls flag or restrict residential proxies far less often than proxies linked to data centers. Along with combo lists, threat actors buy 'configs' (configurations) and other tools on dark-web forums to increase their success rates.
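The following is an added illustration, not code from the FBI notice or from this post, of why per-IP rate limiting misses proxied campaigns and what a site-wide rule can add. It runs two detection rules over constructed login events: a classic per-source rule (many failures against many accounts from one IP) and a site-wide rule keyed on overall failure rate and how thinly attempts are spread across IPs. All event data, thresholds and function names are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of login events: (timestamp, source_ip, username, succeeded).
# The first 8 come from one data-center IP; the next 12 are the same campaign spread
# over residential IPs at one attempt each; the last is a legitimate user.
BASE = datetime(2022, 8, 30, 12, 0, 0)
SAMPLE_EVENTS = (
    [(BASE + timedelta(seconds=i), "203.0.113.7", f"u{i}@example.com", False) for i in range(8)]
    + [(BASE + timedelta(seconds=30 + i), f"198.51.100.{i}", f"a{i}@example.com", i == 11)
       for i in range(12)]
    + [(BASE + timedelta(seconds=45), "192.0.2.9", "alice@example.com", True)]
)


def per_ip_alerts(events, window=timedelta(minutes=1), min_failures=5, min_users=3):
    """Per-source rule: one IP failing against many distinct accounts inside the window."""
    failures = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            failures[ip].append((ts, user))
    flagged = set()
    for ip, fails in failures.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):
            users = [u for ts, u in fails[i:] if ts - start <= window]
            if len(users) >= min_failures and len(set(users)) >= min_users:
                flagged.add(ip)
                break
    return flagged


def distributed_alert(events, window=timedelta(minutes=1), min_attempts=10,
                      max_fail_rate=0.5, max_per_ip=2, min_low_volume_share=0.5):
    """Site-wide rule: many attempts, mostly failing, each IP contributing only one or
    two, which is the shape a campaign spread over residential proxies leaves behind."""
    events = sorted(events)
    for i, (start, _, _, _) in enumerate(events):
        win = [e for e in events[i:] if e[0] - start <= window]
        if len(win) < min_attempts:
            continue
        fail_rate = sum(1 for e in win if not e[3]) / len(win)
        per_ip = defaultdict(int)
        for _, ip, _, _ in win:
            per_ip[ip] += 1
        low_volume = sum(c for c in per_ip.values() if c <= max_per_ip) / len(win)
        if fail_rate > max_fail_rate and low_volume >= min_low_volume_share:
            return True
    return False
```

On the sample data the per-IP rule flags only the data-center address and stays silent on the residential portion, while the site-wide rule fires on the residential portion alone.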
