Credential stuffing cyberattacks have recently reached record levels, warns identity and access management (IAM) services provider Okta.
From April 19 to April 26, 2024, Okta's Identity Threat Research found an increase in credential stuffing activity against user accounts, most likely from the same infrastructure.
These unprecedented attacks are said to have been made possible by the increasing availability of "combo lists" of previously stolen passwords, residential proxy services, and scripting tools.
The findings build on a recent advisory from Cisco that stated that, since March 18 of this year, there has been a global rise in brute-force attacks against various devices, including web application authentication interfaces, Virtual Private Network (VPN) services, and SSH services.
Adversaries attempt to log in to internet services through credential stuffing attacks by using large datasets of usernames and passwords that they have obtained through phishing schemes, malware, or previous data breaches of unaffiliated companies.
These credentials may also be harvested by malware that infects computers with information stealers, or by phishing attempts that direct users to websites that gather credentials.
The company says that all of the new attacks it has observed rely on requests being routed through anonymizing services such as TOR.
Millions of requests were also routed through residential proxies such as DataImpulse and NSOCKS.
Roku's Credential Stuffing Attack
The streaming platform Roku is one of the more recent victims of credential stuffing attacks. Hackers broke into Roku's infrastructure and accessed over 15,000 user accounts with sensitive data.
Following the breach, hackers are allegedly selling hundreds of the accounts online, and the owners' stored credit card information is being used to make unauthorized payments.
The company, which has more than 80 million active users, confirmed the intrusion in early March in paperwork submitted to the California and Maine attorneys general.
According to the filings, 15,363 accounts were compromised between December 28, 2023, and February 21, 2024.
The company says that once an account is compromised, threat actors may change any user data, including passwords, email addresses, and shipping addresses.
As a result, the user was effectively locked out of the account, allowing threat actors to make purchases using the stored credit card details without the account holder receiving order confirmation emails.
However, Roku made it clear that the unauthorized actors who accessed the affected Roku accounts did not obtain any sensitive personal information requiring disclosure, such as dates of birth, social security numbers, or full payment account numbers.
UnitedHealth Cyberattack
After its subsidiary, Change Healthcare, was the target of a ransomware attack earlier this year, UnitedHealth recently revealed that a sizable number of Americans had their health information stolen.
The health insurance behemoth claims that, based on its initial targeted data sampling, it has found files containing personally identifiable information that may encompass a substantial portion of the US population.