Alert: PayPal ‘New Address’ Phishing Scam
The Cyber and Fraud Centre Scotland would like to alert the public to a recent phishing scam exploiting PayPal’s “New Address” feature. How the Scam…
Credential Stuffing Surge Targets Businesses and Individuals.
The recent surge in credential stuffing attacks highlighted by Okta serves as a stark reminder of the importance of robust cyber security practices. These attacks have become increasingly sophisticated and widespread, posing a major threat to businesses and individuals.
Understanding the Okta Attacks
In April 2024, Okta, a leading identity, and access management company, reported a significant spike in credential stuffing attacks targeting its customers. Here’s what sets these attacks apart:
- Scale and Automation: The attacks were unprecedented in size and carried out through automated botnets for maximum impact.
- Residential Proxies: Attackers used residential proxies – networks of real user devices – to disguise their location and bypass traditional security measures.
- Targeting: The attacks targeted online services across various sectors.
Key Takeaways for Protection
The Okta attacks underscore the importance of taking proactive steps to defend against credential stuffing:
- Unique, Strong Passwords Never reuse passwords across multiple accounts. Use a password manager like Okta 1Password, ProtonPass to store complex and unique passwords.
- Multi-Factor Authentication (MFA): Enable MFA as an added layer of security, making it much harder for hackers to compromise accounts.
- Block Residential Proxies: Businesses should invest in the ability to block traffic originating from residential proxy services.
- Monitor for Suspicious Activity: Stay alert for login attempts from unusual locations or devices.
Specific Advice for Okta Customers
If you are an Okta customer, here are additional measures to consider:
- Upgrade to Okta Identity Engine: Benefit from the latest security features.
- Enforce ThreatInsight in “Log and Enforce” Mode: Actively block suspicious IPs.
- Review Authentication Policies: Ensure you are denying access requests from anonymising services.
Credential stuffing is a persistent threat fuelled by poor password habits. By taking the outlined precautions and staying updated on the latest attack methods, individuals and businesses can significantly reduce their risk of falling victim to these attacks.
Related articles
Gift Card Scams: Understanding and Preventing a Rising Trend
Gift card scams are a significant threat, with fraudsters increasingly targeting both businesses and individuals through sophisticated social engineering techniques. This article examines gift card…
Massive Brute Force Attack Targeting Networking Devices
A large-scale brute force attack is underway, using nearly 2.8 million IP addresses daily to target networking devices from Palo Alto Networks, Ivanti, and SonicWall….