In a credential-stuffing attack, adversaries try to log into online services using extensive lists of usernames and passwords, which they may have acquired from past data breaches, unrelated sources, phishing schemes, or malware campaigns, according to the company.
“Organizations are highly encouraged to strongly harden IAM against multiple tactics of abuse, especially credential stuffing, to ensure multiple layers of proactive controls to lower risk against attack from multiple threat actors eager to intrude and exploit,” said Ken Dunham, cyber threat director at Qualys Threat Research Unit. “Don’t let threat actors be your IAM auditor, move beyond complex password basics to harden your authentication of users and accounts to ensure you’re not the next breach victim in the news.”
A few of the high-profile data breaches this month include breaches that affected a Europol website, Dell Technologies, and a Zscaler “test environment.” However, the attempting credentials, as used by the threat actors, used on a vulnerable Okta feature could have come from a much older data breach.