Security News > 2024 > April > Okta warns customers about credential stuffing onslaught

Credential stuffing attacks have exploded this April, Okta warns, and advises its customers to use available tools to block access requests originating from residential proxies before authentication takes place.

"In credential stuffing attacks, adversaries attempt to sign-in to online services using large lists of usernames and passwords obtained from previous data breaches of unrelated entities, or from phishing or malware campaigns," Okta's Moussa Diallo and Brett Winterford explained.

The credential stuffing attacks are automated via scripting tools.

The infrastructure used in these latest attacks observed by Okta is similar to the one Duo Security and Cisco Talos researchers spotted launching large-scale brute force attacks on VPN devices and SSH services in March.

"The small percentage of customers where these suspicious requests proceeded to authentication shared similar configurations: The Org was nearly always running on the Okta Classic Engine, ThreatInsight was configured in Audit-only mode, and Authentication policies permitted requests from anonymizing proxies," Diallo and Winterford shared.

"These basic features are available in all Okta SKUs. Upgrading to Okta Identity Engine is free, often highly automated, and provides access to a range of features including CAPTCHA challenges for risky sign-ins and passwordless authentication using Okta FastPass," they added.

News URL

https://www.helpnetsecurity.com/2024/04/29/okta-credential-stuffing/