Okta says it is facing unprecedented levels of attacks


Okta says it is facing an “unprecedented” scale of credential stuffing attacks aimed at breaching user accounts on its online services.

Credential stuffing is a type of cyberattack in which threat actors take a previously obtained list of username/password pairs and “stuff” them into different services to see if they can gain access.

It’s basically just trying out different combinations, but by using automation the process is incredibly fast and the attackers can try hundreds of combinations in minutes. The login credentials are usually purchased off the black market in advance.

Mitigations at the edge

Okta suspects that whoever is behind this campaign also did the same against Cisco’s VPN services earlier in 2024, as the same infrastructure was used. In all of the attacks, the requests came from the Tor anonymization network as well as different residential proxies.

While only a “small percentage” of customers had these requests proceed to authentication, they all shared similar configurations, the company confirmed. These firms were almost always running on Okta Classic Engine, with ThreatInsight configured in Audit-only mode, as opposed to Log and Enforce mode. What’s more, their authentication policies permitted requests from anonymizing proxies.

In the blog post, Okta provided a set of mitigations for the attacks at the network edge, including going passwordless (requiring Okta FastPass and FIDO2 WebAuthn, for example), forcing users to create stronger passwords, enforcing multi-factor authentication (MFA) on sign-in, denying requests from locations where the organization does not operate, denying authentication requests from IPs with poor reputation, and monitoring for, and responding to, anomalous sign-in behavior.

The blog also announced a new feature for Workforce Identity Cloud and Customer Identity Solution users - the ability to block access requests originating from residential proxies prior to authentication. Residential proxies are IP addresses assigned to real residential locations, often by Internet Service Providers (ISPs). They act as intermediaries between the user and the internet, masking the user’s real IP address and providing anonymity online.
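
To make the last mitigation in the list above (monitoring for, and responding to, anomalous sign-in behavior) concrete, here is an added example that is not from Okta or the original article. It flags sources that fail sign-in for many distinct users in a short window and lists accounts that then signed in successfully from such a source; the event layout, thresholds and sample data are all constructed assumptions, not Okta's System Log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (time, source IP, username, outcome, via anonymizing proxy).
# This layout is an assumption for the example, not a real log format.
EVENTS = [
    ("2024-04-20T10:00:01", "203.0.113.7", "alice", "FAILURE", True),
    ("2024-04-20T10:00:03", "203.0.113.7", "bob", "FAILURE", True),
    ("2024-04-20T10:00:04", "203.0.113.7", "carol", "FAILURE", True),
    ("2024-04-20T10:00:06", "203.0.113.7", "dave", "FAILURE", True),
    ("2024-04-20T10:00:09", "203.0.113.7", "erin", "SUCCESS", True),
    ("2024-04-20T10:01:00", "198.51.100.20", "frank", "FAILURE", False),
    ("2024-04-20T10:01:20", "198.51.100.20", "frank", "SUCCESS", False),
    ("2024-04-20T08:00:00", "192.0.2.44", "alice", "FAILURE", False),
    ("2024-04-20T09:00:00", "192.0.2.44", "bob", "FAILURE", False),
    ("2024-04-20T10:00:00", "192.0.2.44", "carol", "FAILURE", False),
    ("2024-04-20T11:00:00", "192.0.2.44", "dave", "FAILURE", False),
]

def find_stuffing_sources(events, window=timedelta(minutes=5), min_users=4):
    """Flag IPs that fail sign-in for >= min_users distinct users within `window`."""
    by_ip = defaultdict(list)
    for ts, ip, user, outcome, anon in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, outcome, anon))
    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            failed = {u for _, u, o, _ in rows[start:end + 1] if o == "FAILURE"}
            if len(failed) >= min_users:
                findings[ip] = {
                    "failed_users": len({u for _, u, o, _ in rows if o == "FAILURE"}),
                    # A success from a flagged source means a stuffed credential worked.
                    "accounts_to_reset": sorted({u for _, u, o, _ in rows if o == "SUCCESS"}),
                    "anonymizer": any(a for *_, a in rows),
                }
                break
    return findings

if __name__ == "__main__":
    for ip, detail in find_stuffing_sources(EVENTS).items():
        print(ip, detail)
```

Per-source counting like this misses attempts spread thinly across many residential proxy addresses, so it complements, rather than replaces, blocking anonymized requests before authentication.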


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
