Okta Flags Major Increase In Anonymizer-Based Stuffing Attacks

Penka Hristovska

Published on: May 1, 2024

Identity and access management services provider Okta reported a surge in credential stuffing attacks aimed at online services via anonymizers like residential proxies and The Onion Router (Tor) network.

In credential stuffing attacks, hackers use stolen credentials — often sourced from previous data breaches, to attempt unauthorized access across multiple platforms. Bad actors usually use automated tools to input these credentials across numerous websites, hoping to capitalize on the common habit of password reuse. The strategy behind these attacks is a numbers game: by attempting enough logins, some are likely to succeed.

The company said the recent increase in attacks over the past month has been driven by the widespread availability of residential proxy services, extensive lists of stolen credentials known as “combo lists,” and scripting tools.

“All recent attacks we have observed share one feature in common: they rely on requests being routed through anonymizing services such as TOR. Millions of the requests were also routed through a variety of residential proxies including NSOCKS, Luminati and DataImpulse,” Okta writes in its alert.

Residential proxies route internet traffic through the connections of actual residential users, making it appear activity is coming from a regular home IP address. This gives users anonymity and the ability to appear as if they are accessing the internet from a different location.

“Sometimes a user device is enrolled in a proxy network because the user consciously chooses to download ‘proxyware’ into their device in exchange for payment or something else of value,” Okta explains. “At other times, a user device is infected with malware without the user’s knowledge and becomes enrolled in what we would typically describe as a botnet.”

The recent findings from Okta echo a prior advisory from Cisco, which warned about a global increase in brute-force attacks. According to Cisco Talos, these attacks have targeted a range of devices including VPN services, SSH services, and web application authentication interfaces.

To reduce the risk of credential stuffing attacks, Okta advises blocking requests from anonymizing services and IP addresses known for such activities. They also recommend following strong password practices, implementing multi-factor authentication (MFA), and opting for passwordless authentication.

SEO Powered Content & PR Distribution. Get Amplified Today.
PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
PlatoESG. Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
PlatoHealth. Biotech and Clinical Trials Intelligence. Access Here.
Source: https://www.safetydetectives.com/news/okta-flags-major-increase-in-anonymizer-based-stuffing-attacks/

Generative Data Intelligence

Okta Flags Major Increase in Anonymizer-Based Stuffing Attacks

Bridging the Blockchain Divide: The Revolutionary Role of Wormhole Messaging in Enhancing Interoperability

Unifying Digital Frontiers: Wormhole Messaging’s Role in Blockchain Interoperability and the Future of Decentralized Communication

Latest Intelligence

Beyond Boundaries: Wormhole Messaging and the Future of Blockchain Interoperability

Bridging the Digital Divide: Wormhole Messaging and the Future of Blockchain Interoperability

Revolutionizing Blockchain Interoperability: The Emergence of Wormhole Messaging and Its Impact on the Decentralized Ecosystem

Revolutionizing Blockchain Networks: The Power of Wormhole Messaging for Interoperability and Beyond

Bridging the Digital Divide: Wormhole Messaging and the Future of Blockchain Interoperability

Global Coral Reefs Under Threat: 60.5% Have Bleached in Past Year, NOAA Reports – Stay Informed with EcoWatch’s Newsletter