Oasis Ticket Sales Scams: How to Stay Safe
During our weekly meetings with the banking industry and Police Scotland, we continue to see a significant increase in ticket scams over the last three…
Credential Stuffing Surge Targets Businesses and Individuals.
The recent surge in credential stuffing attacks highlighted by Okta serves as a stark reminder of the importance of robust cyber security practices. These attacks have become increasingly sophisticated and widespread, posing a major threat to businesses and individuals.
Understanding the Okta Attacks
In April 2024, Okta, a leading identity, and access management company, reported a significant spike in credential stuffing attacks targeting its customers. Here’s what sets these attacks apart:
- Scale and Automation: The attacks were unprecedented in size and carried out through automated botnets for maximum impact.
- Residential Proxies: Attackers used residential proxies – networks of real user devices – to disguise their location and bypass traditional security measures.
- Targeting: The attacks targeted online services across various sectors.
Key Takeaways for Protection
The Okta attacks underscore the importance of taking proactive steps to defend against credential stuffing:
- Unique, Strong Passwords Never reuse passwords across multiple accounts. Use a password manager like Okta 1Password, ProtonPass to store complex and unique passwords.
- Multi-Factor Authentication (MFA): Enable MFA as an added layer of security, making it much harder for hackers to compromise accounts.
- Block Residential Proxies: Businesses should invest in the ability to block traffic originating from residential proxy services.
- Monitor for Suspicious Activity: Stay alert for login attempts from unusual locations or devices.
Specific Advice for Okta Customers
If you are an Okta customer, here are additional measures to consider:
- Upgrade to Okta Identity Engine: Benefit from the latest security features.
- Enforce ThreatInsight in “Log and Enforce” Mode: Actively block suspicious IPs.
- Review Authentication Policies: Ensure you are denying access requests from anonymising services.
Credential stuffing is a persistent threat fuelled by poor password habits. By taking the outlined precautions and staying updated on the latest attack methods, individuals and businesses can significantly reduce their risk of falling victim to these attacks.
Related articles
Alert: Unpatched Microsoft Office Vulnerability Exposes NTLM Hashes
Microsoft has recently disclosed a significant security vulnerability affecting multiple versions of its Office suite, including Office 2016, Office 2019, Office LTSC 2021 and Microsoft…
Public Alert: Windows 11 End of Support – Action Required
Microsoft has issued an important reminder that multiple editions of Windows 11 will reach the end of their support lifecycle on 8 October 2024. This…