Okta Alert: The Rise of Credential Stuffing Attacks Through Proxy Networks

Okta has observed an increase in the frequency and scale of credential stuffing attacks targeting online services. Read on to learn more.


According to a warning Okta issued to its users, the availability of residential proxy services, stolen credentials, and scripting tools has led to an increase in credential-stuffing attacks that target online services.

The Okta research team noticed a rise in credential-stuffing attempts against Okta accounts between April 19 and April 26.

Tor network

Okta Security researchers Moussa Diallo and Brett Winterford have noticed that a common element unites all of the recent attacks: a large portion of the requests are made using an anonymizing tool like Tor.

Furthermore, the researchers discovered that millions of requests were sent via a variety of residential proxies, including DataImpulse, Luminati, and NSOCKS. In technical terms, these residential proxies are "networks of legitimate user devices that route traffic on behalf of a paid subscriber."

How to strengthen defenses against attacks?

Additionally, Okta advises its customers to strengthen best-practice defenses against credential-stuffing attacks, which can lead to account takeovers.

According to Thomas Richards, principal consultant at Synopsys Software Integrity Group, defense-in-depth measures, such as utilizing multifactor authentication on externally available employee access portals as well as sensitive internal systems, are needed here. 

Richards made the point in an email to Dark Reading. There are also malicious-behavior detection systems that can tell whether a user is logging in at an unusual time, from an unusual physical location, or from an unusual source IP address.

Residential Proxies: What are they?

Residential Proxy Services: Attacks have increased in part because residential proxy services are more widely available. These proxies make it more difficult to determine the origin of requests by routing traffic on behalf of subscribers who pay for them.

Stolen Credentials: To obtain unauthorized access, attackers are using previously stolen credentials, sometimes known as "combo lists."

Scripting Tools: The availability of scripting tools lets attackers automate filling out login fields with credentials.

User Responsibility

Individuals also play a crucial role in preventing credential-stuffing attacks:

Unique Passwords: Avoid reusing passwords across different services. Use a password manager to generate and store complex, unique passwords.

Regular Monitoring: Regularly check for suspicious activity in your accounts. Enable notifications for login attempts and account changes.

Stay Informed: Keep abreast of security news and best practices. Awareness is the first line of defence.

Proxy types

Residential Proxies: Residential proxy services allow attackers to route their traffic through legitimate residential IP addresses. These proxies are harder to block because they appear as regular user traffic.

Anonymity and Untraceability: Proxy networks provide anonymity, making it challenging for security teams to trace the source of malicious requests. Attackers can easily switch between different proxies to avoid detection.

Mobile Devices as Proxies: Researchers have observed an unprecedented number of mobile devices unwittingly participating in proxy networks. Compromised software developer kits (SDKs) in mobile apps enrol these devices, turning them into unwitting proxies.
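As an added example (not from Okta's advisory or the original post), the following Python sketch shows why a per-IP failure threshold misses stuffing routed through rotating proxies, and how a window-wide check on the spread of failed logins across source IPs and usernames can still flag it. The event tuple format, the thresholds, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

def detect(events, window=300, per_ip_limit=5, min_failures=20, spread=0.8):
    """Group failed logins into fixed windows and apply two checks.

    noisy_ips:   classic rule, one source IP exceeds per_ip_limit failures.
    distributed: many failures where nearly every failure has its own IP and
                 its own username (a credential list replayed via rotating proxies).
    Thresholds are illustrative assumptions, not vendor guidance.
    """
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            buckets[ts - ts % window].append((ip, user))
    findings = {}
    for start, fails in sorted(buckets.items()):
        per_ip = defaultdict(int)
        for ip, _ in fails:
            per_ip[ip] += 1
        users = {user for _, user in fails}
        n = len(fails)
        noisy = sorted(ip for ip, count in per_ip.items() if count > per_ip_limit)
        distributed = (n >= min_failures
                       and len(per_ip) / n >= spread
                       and len(users) / n >= spread)
        findings[start] = {"failures": n, "noisy_ips": noisy,
                           "distributed": distributed}
    return findings

def sample_events():
    """Constructed events: (epoch_seconds, source_ip, username, success).
    IPs come from the RFC 5737 documentation ranges."""
    events = [
        # Window 0: ordinary traffic, one user mistypes a password twice.
        (10, "192.0.2.10", "alice", False), (25, "192.0.2.10", "alice", False),
        (40, "192.0.2.10", "alice", True), (90, "192.0.2.11", "bob", True),
    ]
    # Window 300: stuffing from a single source, 12 accounts from one IP.
    events += [(300 + i, "198.51.100.7", f"user{i}", False) for i in range(12)]
    # Window 600: the same behaviour spread over 40 IPs, one attempt each.
    events += [(600 + i, f"203.0.113.{i + 1}", f"acct{i}", False) for i in range(40)]
    return events

if __name__ == "__main__":
    for start, finding in detect(sample_events()).items():
        print(start, finding)
```

In the third window no single address crosses the per-IP limit, so only the window-wide spread check flags the activity.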
