Overview

Over the weekend, Okta Inc. reported a significant rise in credential stuffing attacks targeting online services. These attacks, which exploit compromised usernames and passwords obtained from various sources including past data breaches, phishing campaigns, and malware, put many organizations at risk. 

Throughout April 2024, Okta has witnessed a surge in the frequency and scale of these attacks, facilitated by the widespread availability of residential proxy services and sophisticated scripting tools. Notably, the threat actors behind the attacks are leveraging anonymizing services such as TOR, DataImpulse, Luminati, and NSocks to carry out their malicious activities.  

These attacks are not isolated incidents and it’s important for all customers to take proactive measures to safeguard their accounts and data. Okta strongly advises implementing the following actions: 

  • Block Access Requests from Residential Proxies: Utilize available tools to prevent access requests originating from residential proxies before authentication occurs. This can significantly impede the progress of credential stuffing attempts. 
  • Enhance Authentication Policies: Review and strengthen authentication policies to deny access requests from anonymizing proxies. Consider switching to Okta Identity Engine and enabling ThreatInsight in Log and Enforce mode for heightened security. 
  • Upgrade Security Features: Take advantage of Okta's advanced security features, such as CAPTCHA challenges for risky sign-ins and passwordless authentication using Okta FastPass. These features are available in all Okta SKUs and can provide an additional layer of defense against malicious activities. 
  • Promote Good Password Hygiene: Encourage users to adopt strong, unique passwords and regularly update them. Implement multi-factor authentication (MFA) to further fortify account security. 
  • Monitor and Respond: Remain vigilant against anomalous behavior and promptly respond to any suspicious activities. Implement robust monitoring systems to detect and mitigate potential threats in real-time. 
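One way to act on the "Monitor and Respond" item, as an added example (not Okta's or Avertium's code): flag source IPs that attempt many distinct accounts and mostly fail. It assumes events exported from the Okta System Log with the fields `eventType`, `actor.alternateId`, `client.ipAddress`, `outcome.result` and `securityContext.isProxy`; the function name, thresholds and sample events are constructed for illustration.

```python
from collections import defaultdict

def event(ip, user, result, is_proxy):
    """Constructed event with only the System Log fields this check reads."""
    return {"eventType": "user.session.start",
            "actor": {"alternateId": user},
            "client": {"ipAddress": ip},
            "outcome": {"result": result},
            "securityContext": {"isProxy": is_proxy}}

# Constructed sample window (documentation IP ranges, made-up accounts).
SAMPLE = (
    [event("203.0.113.7", f"user{i}@example.com", "FAILURE", True) for i in range(12)]
    + [event("203.0.113.7", "user3@example.com", "SUCCESS", True)]
    + [event("198.51.100.20", "alice@example.com", "FAILURE", False) for _ in range(4)]
    + [event("198.51.100.20", "alice@example.com", "SUCCESS", False)]
)

def find_stuffing_sources(events, min_users=10, min_fail_ratio=0.8):
    """Flag IPs that try many distinct accounts and mostly fail.

    Thresholds are illustrative assumptions; events should cover one time window.
    """
    stats = defaultdict(lambda: {"users": set(), "attempts": 0, "fails": 0,
                                 "succeeded": set(), "proxy": False})
    for e in events:
        ip = (e.get("client") or {}).get("ipAddress")
        user = (e.get("actor") or {}).get("alternateId")
        if e.get("eventType") != "user.session.start" or not ip or not user:
            continue
        s = stats[ip]
        s["users"].add(user)
        s["attempts"] += 1
        if (e.get("outcome") or {}).get("result") == "SUCCESS":
            s["succeeded"].add(user)  # valid credentials: treat as compromised
        else:
            s["fails"] += 1
        s["proxy"] = s["proxy"] or bool((e.get("securityContext") or {}).get("isProxy"))
    return [{"ip": ip, "distinct_users": len(s["users"]),
             "via_proxy": s["proxy"], "accounts_to_reset": sorted(s["succeeded"])}
            for ip, s in stats.items()
            if len(s["users"]) >= min_users
            and s["fails"] / s["attempts"] >= min_fail_ratio]

if __name__ == "__main__":
    for finding in find_stuffing_sources(SAMPLE):
        print(finding)
```

A single user mistyping a password several times (the `alice@example.com` events) stays below the distinct-account threshold, while any account that signs in successfully from a flagged source is listed for a password reset and session review.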

By implementing these proactive measures, organizations can significantly reduce the risk of falling victim to credential stuffing attacks and safeguard. Also, please see Okta’s comprehensive list of recommendations in their advisory.  

As always, Avertium is here to help. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our Customers

  • Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.




 

SUPPORTING DOCUMENTATION

Okta warns customers about credential stuffing onslaught - Help Net Security 

Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies - SecurityWeek 

How to Block Residential Proxies using Okta | Okta Security 

 
