About the attack
Threat actors are actively hacking home IP addresses to conceal credential stuffing attacks and boost their chances of successful conduct, FBI alerts.
Credential stuffing is a famous method of account hijacking where hackers use large lists of compromised login credentials combos and use them across various websites and apps aggressively to check if they’re working. We all know that some users reuse same passwords, so the trick usually works.
How are stolen credentials used?
Working credentials are then sold to others for early access. FBI said the config may include the website address to target, how to form the HTTP request, how to differentiate between a successful vs unsuccessful login attempt, whether proxies are needed, etc.
In addition, cracking tutorial videos available via social media platforms and hacker forums make it relatively easy to learn how to crack accounts using credential stuffing and other techniques.
Leveraging proxies and configurations automates the process of attempting logins across various sites and facilitates exploitation of online accounts.
Who are the victims?
In particular, media companies and restaurant groups are considered lucrative
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: