Cybercrime is a growing concern for individuals and organizations alike. One of the most prevalent forms of cybercrime is credential stuffing, where cybercriminals use large collections of previously leaked username and password combinations to try and gain unauthorized access to various online platforms. Recently, the Federal Bureau of Investigation (FBI) has issued a warning about a rising trend of cybercriminals using residential proxies to conduct large-scale credential stuffing attacks without being tracked, flagged, or blocked.
What is Credential Stuffing
Credential stuffing is a type of attack where cybercriminals use large collections of username/password combinations exposed in previous data breaches to try and gain access to other online platforms. Because people commonly use the same password at every site, cybercriminals have ample opportunity to take over accounts without cracking passwords or phishing any other information. These attacks have the potential to access numerous accounts and services across multiple industries.
Why are Residential Proxies Being Used
Residential proxies are end-user computer or home routers that accept and forward requests, making it appear like a connection is from them rather than the actual initiator (attacker). These proxies are preferable over data center-hosted proxies because they make it harder for protection mechanisms to discern between suspicious and regular consumer traffic. Using these tools, cybercriminals automate credential stuffing attacks, with bots attempting to log in across numerous sites using previously stolen login credentials. Moreover, some of these proxy tools offer the option to brute-force account passwords or include “configs” that modify the attack to accommodate particular requirements, like having a unique character, minimum password length, etc.
How can Organizations Protect Themselves
The FBI has issued several recommendations for organizations to defend against credential stuffing attacks and similar account cracking attacks. These recommendations include:
- Enabling Multi-Factor Authentication (MFA)
- Avoiding using passwords that were leaked in previous data breaches
- Obliging users to reset their passwords if their current ones have been compromised
- Using fingerprinting to detect suspicious activity
- Limiting suspicious users through shadow banning
- Monitoring for default user agent strings used by credential stuffing tools
Conclusion
Credential stuffing is a growing concern for individuals and organizations alike. Cybercriminals are using residential proxies to hide their actual IP address behind ones commonly associated with home users, which are unlikely to be present in blocklists. Organizations can protect themselves by implementing the recommendations provided by the FBI such as enabling Multi-Factor Authentication, avoiding using passwords that were leaked in previous data breaches, using fingerprinting to detect suspicious activity, limiting suspicious users through shadow banning, and monitoring for default user agent strings used by credential stuffing tools. It is important to stay vigilant and be proactive in protecting against cybercrime to ensure the security of personal and organizational information.
