FBI issues credential stuffing attack warning
SecurityWeek reports that the FBI has warned that U.S. organizations are being targeted with credential stuffing attacks that are automated and concealed through the use of configurations and proxies.
Configurations and proxies could enable automated brute-force attacks and account exploitation, according to the FBI.
"In particular, media companies and restaurant groups are considered lucrative targets for credential stuffing attacks due to the number of customer accounts, the general demand for their services, and the relative lack of importance users place on these types of accounts," the FBI said.
Threat actors could buy username and password "combo lists" and configurations from forums, while proxies could be leveraged for IP address obfuscation, the FBI noted.
"In some instances, actors conduct credential stuffing attacks without the use of proxies, requiring less time and financial resources to execute. Some cracking tools, including one of the most popular automated attack tools, allow actors to run the software without proxies," said the bureau, which also recommended the implementation of multi-factor authentication and good password hygiene to counter such attacks.