Vulnerability Management

FBI issues credential stuffing attack warning

SecurityWeek reports that the FBI has warned that U.S. organizations are being targeted with credential stuffing attacks that are automated and concealed through the use of configurations and proxies. Configurations and proxies could enable automated brute-force attacks and account exploitation, according to the FBI. "In particular, media companies and restaurant groups are considered lucrative targets for credential stuffing attacks due to the number of customer accounts, the general demand for their services, and the relative lack of importance users place on these types of accounts," the FBI said. Threat actors could buy username and password "combo lists" and configurations from forums. Meanwhile, proxies could be leveraged for IP address obfuscation, the FBI noted. "In some instances, actors conduct credential stuffing attacks without the use of proxies, requiring less time and financial resources to execute. Some cracking tools, including one of the most popular automated attack tools, allow actors to run the software without proxies," said the bureau, which also recommended implementing multi-factor authentication and good password hygiene to defend against such attacks.
