Cyber Security Alert: Okta Credential Stuffing Attack

Tuesday 30th April 2024

Okta Credential Stuffing Surge: Okta has reported an “unprecedented” increase in credential stuffing attacks targeting its identity and access management solutions, leading to breaches in some customer accounts. Attacks occurred between 19th April and 26th April 2024.

Attack Method: Attackers used automated methods to test combinations of usernames and passwords, often sourced from cybercriminals, to compromise user accounts. This is known as credential stuffing. The attacks appear to originate from the same infrastructure identified in previous brute-force and password-spraying attacks reported by Cisco Talos, utilising the TOR network and various residential proxies. The attacks shared infrastructure with previous attacks on global VPN users. 

Analyst Comment: Credential stuffing is a cyber-attack in which credentials obtained from a data breach on one service are used to attempt to log in to another, unrelated service. Credential stuffing is widespread because massive lists of breached credentials are traded and sold on the dark web. These collections contain millions of login credentials. Even though the success rate of credential stuffing attacks is very low (around 0.1%), the sheer volume of credential collections makes it worthwhile for attackers.

Analyst Assessment: This surge in attacks highlights the importance of robust identity and access management solutions and the need for continuous monitoring and adaptation to emerging threats. Protecting against credential stuffing attacks is a shared responsibility. Both online platforms and users must take proactive steps to secure their accounts, and this includes not reusing passwords!

Okta recommendations:

Okta has provided several recommendations to mitigate the risk of credential stuffing attacks:

1. Passwordless Authentication: Implementing passwordless authentication can reduce the risk of credential stuffing as it eliminates the need for users to remember and enter passwords.

2. Multi-Factor Authentication (MFA): Enforcing MFA adds an additional layer of security by requiring users to provide two or more verification factors to gain access to a resource such as an application or online account.

3. Strong Passwords: Encouraging the use of strong, unique passwords can help protect against credential stuffing. A strong password typically includes a mix of uppercase and lowercase letters, numbers, and special characters.

4. Deny Requests Outside Company’s Locations: Blocking access requests from locations outside the company’s operational areas can help prevent unauthorised access.

5. Block IP Addresses of Ill Repute: Blocking IP addresses known to be associated with malicious activity can help protect against various types of cyberattacks, including credential stuffing.

6. Monitor and Respond to Anomalous Sign-Ins: Keeping an eye on sign-in activity and responding quickly to any unusual patterns can help catch credential stuffing attacks early.

7. In addition to these measures, Okta’s Single Sign-On (SSO) solution provides a single, user-friendly way for end users to access all their applications. This service mitigates the risk created by password reset systems, as users only need to remember a single password to log in to multiple services and applications.
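As an illustration of recommendation 6, the following added example (not code from Okta or from the original alert) flags sign-in sources that try many distinct usernames with few successes, the pattern that per-account lockout counters miss because each account sees only one attempt. The event layout, thresholds and sample records are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sign-in events (not real data). Hypothetical, simplified layout:
# (UTC timestamp, source IP, username, result). IPs are documentation ranges.
SAMPLE_EVENTS = [
    ("2024-04-20T09:00:01", "203.0.113.7", "alice", "FAILURE"),
    ("2024-04-20T09:00:02", "203.0.113.7", "bob", "FAILURE"),
    ("2024-04-20T09:00:03", "203.0.113.7", "carol", "SUCCESS"),
    ("2024-04-20T09:00:04", "203.0.113.7", "dave", "FAILURE"),
    ("2024-04-20T09:00:05", "203.0.113.7", "erin", "FAILURE"),
    ("2024-04-20T09:00:06", "203.0.113.7", "frank", "FAILURE"),
    # One user mistyping a password: repeated failures, but a single username.
    ("2024-04-20T09:01:00", "198.51.100.20", "grace", "FAILURE"),
    ("2024-04-20T09:01:10", "198.51.100.20", "grace", "FAILURE"),
    ("2024-04-20T09:01:20", "198.51.100.20", "grace", "SUCCESS"),
    # Office NAT: many usernames, but nearly all sign-ins succeed.
    ("2024-04-20T09:02:00", "192.0.2.50", "heidi", "SUCCESS"),
    ("2024-04-20T09:02:05", "192.0.2.50", "ivan", "SUCCESS"),
    ("2024-04-20T09:02:10", "192.0.2.50", "judy", "SUCCESS"),
    ("2024-04-20T09:02:15", "192.0.2.50", "mallory", "SUCCESS"),
    ("2024-04-20T09:02:20", "192.0.2.50", "niaj", "FAILURE"),
]


def flag_stuffing_sources(events, window_s=300, min_users=5, max_success=0.25):
    """Flag (ip, time window) buckets with many distinct users and few successes."""
    buckets = defaultdict(lambda: {"users": set(), "attempts": 0, "hits": set()})
    for ts, ip, user, result in events:
        epoch = int(datetime.fromisoformat(ts).replace(tzinfo=timezone.utc).timestamp())
        b = buckets[(ip, epoch // window_s)]  # fixed windows of window_s seconds
        b["users"].add(user)
        b["attempts"] += 1
        if result == "SUCCESS":
            b["hits"].add(user)  # accounts to review: reset and revoke sessions
    findings = []
    for (ip, _), b in sorted(buckets.items()):
        success_ratio = len(b["hits"]) / len(b["users"])
        if len(b["users"]) >= min_users and success_ratio <= max_success:
            findings.append({"ip": ip, "distinct_users": len(b["users"]),
                             "attempts": b["attempts"],
                             "review_accounts": sorted(b["hits"])})
    return findings


if __name__ == "__main__":
    for finding in flag_stuffing_sources(SAMPLE_EVENTS):
        print(finding)
```

Because the attacks described above were routed through TOR and residential proxies, attempts may be spread thinly across many addresses, so a per-source check like this is one signal to combine with tenant-wide failure rates rather than a complete detection.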

If you have any questions relating to this article, or would like to learn more about this alert, please reach out to your dedicated Bytes Account Manager or email [email protected].
