FBI Alerts About Credential Stuffing Attacks, Configurations and Proxies Used

What is Credential Stuffing?

Credential stuffing attacks, also known as account cracking , consist trying to get online accounts via password and username combos from existing data leaks or which were bought on dark web forums. 

Depending on the fact that users keep using the same login for various accounts, credential stuffing attacks usually lead to significant financial damage caused by fraud purchases and system remediation and downtime, but also lead towards reputational damage. 

How is the attack done?

The use of authentic credentials lets hackers to access accounts and services across different sectors, this includes healthcare, media companies, restaurant groups, retail chains, and food delivery firms. 

Once the accounts are breached, the hackers make fake purchases of goods and services, trying to access extra online resources, this includes additional financial accounts. FBI warns that proxies and configurations let cybercriminals to automate exploitation and brute force of accounts. 

FBI involved 

FBI said in particular, media companies and restaurant groups are considered lucrative targets for credential stuffing attacks due to the number of customer accounts, the general demand for their services, and the relative lack of importance users place on these types of accounts.&

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article:

Liked it? Take a second to support IT Security News on Patreon!
Become a patron at Patreon!