Subj : Okta says it is facing unprecedented levels of attacks
To   : All
From : TechnologyDaily
Date : Mon Apr 29 2024 10:30:05

Okta says it is facing unprecedented levels of attacks

Date: Mon, 29 Apr 2024 09:13:18 +0000

Description: Whoever targeted Cisco seems to be casting a wider net as Okta reports attacks from similar infrastructure.

FULL STORY
======================================================================

Identity and access management company Okta says it is facing an unprecedented scale of credential stuffing attacks, looking to breach user accounts of its online services.

Credential stuffing is a type of cyberattack in which threat actors take a previously obtained list of username/password pairs and "stuff" them into different services, to see if they can gain access. It's basically just trying out different combinations, but by using automation the process is incredibly fast and the attackers can try hundreds of combinations in minutes. The login credentials are usually purchased off the black market in advance.

Mitigations at the edge

Okta suspects that whoever is behind this campaign has also done the same against Cisco's VPN services earlier this year, as the same infrastructure was used. In all of the attacks, the requests came from the TOR anonymization network as well as different residential proxies.

While only a small percentage of customers had these requests proceed to authentication, they all shared similar configurations, the company confirmed. These firms were almost always running on Okta Classic Engine, with ThreatInsight configured in Audit-only mode, as opposed to Log and Enforce mode. What's more, authentication policies permitted requests from anonymizing proxies.

In the blog post, Okta provided a set of mitigations for the attacks at the network edge, including:

- going passwordless (requiring Okta FastPass and FIDO2 WebAuthn, for example),
- forcing users into generating stronger passwords,
- enforcing multi-factor authentication (MFA) on sign-in,
- denying requests from locations where the organization does not operate,
- denying authentication requests from IPs with poor reputation,
- monitoring for, and responding to, anomalous sign-in behavior.

The blog also announced a new feature for Workforce Identity Cloud and Customer Identity Solution users: the ability to block access requests originating from residential proxies prior to authentication.

Residential proxies are IP addresses assigned to real residential locations, often by Internet Service Providers (ISPs). They act as intermediaries between the user and the internet, masking the user's real IP address and providing anonymity online.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/okta-says-it-is-facing-unprecented-levels-of-attacks

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
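Added example, not part of the original story or of Okta's guidance: one way to monitor for the sign-in pattern described above, where many different usernames fail within a short window and the requests arrive through TOR or residential proxies. Because the sources rotate, it groups by time window instead of by IP. The event format, the source-type labels and the thresholds are assumptions, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime

ANONYMIZERS = {"tor", "residential_proxy"}  # assumed labels from an IP-intelligence feed

def sample_events():
    """Constructed sign-in events: (timestamp, user, source IP, source type, outcome)."""
    ev = []
    for i in range(12):  # burst: one attempt per username, a new proxy IP each time
        kind = "tor" if i % 2 else "residential_proxy"
        outcome = "SUCCESS" if i == 7 else "FAILURE"
        ev.append((f"2024-04-20T10:0{i % 5}:{i:02d}", f"user{i}", f"198.51.100.{i}", kind, outcome))
    # ordinary traffic in a later window, including one mistyped password
    ev += [("2024-04-20T11:00:05", "alice", "192.0.2.10", "direct", "FAILURE"),
           ("2024-04-20T11:00:20", "alice", "192.0.2.10", "direct", "SUCCESS"),
           ("2024-04-20T11:01:00", "bob", "192.0.2.11", "direct", "SUCCESS")]
    return ev

def detect_stuffing(events, window_min=5, min_users=10, min_fail_ratio=0.8, min_anon_share=0.5):
    """Flag time windows with many distinct failing usernames, mostly via anonymizers."""
    buckets = defaultdict(list)
    for ts, user, ip, kind, outcome in events:
        t = datetime.fromisoformat(ts)
        key = t.replace(minute=t.minute - t.minute % window_min, second=0)
        buckets[key].append((user, ip, kind, outcome))
    alerts = []
    for key, rows in sorted(buckets.items()):
        failed_users = {u for u, _, _, o in rows if o == "FAILURE"}
        fail_ratio = sum(o == "FAILURE" for *_, o in rows) / len(rows)
        anon_share = sum(k in ANONYMIZERS for _, _, k, _ in rows) / len(rows)
        if len(failed_users) >= min_users and fail_ratio >= min_fail_ratio and anon_share >= min_anon_share:
            alerts.append({
                "window": key.isoformat(),
                "failed_users": len(failed_users),
                "source_ips": len({ip for _, ip, _, _ in rows}),
                # sign-ins that succeeded via an anonymizer inside the burst:
                # candidates for session revocation and password reset
                "review": sorted(u for u, _, k, o in rows if o == "SUCCESS" and k in ANONYMIZERS),
            })
    return alerts

if __name__ == "__main__":
    for alert in detect_stuffing(sample_events()):
        print(alert)
```

The "review" list is the part that matters for response: a success inside a flagged window means a reused password worked, regardless of how many other attempts failed.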