TOR, proxy and VPN: Okta warns about large-scale identity theft

Father

The company gave recommendations to users on how to protect their accounts.

Okta warns of a sharp increase in the number and scale of credential stuffing attacks aimed at online services. According to Okta, the attacks were made possible by the widespread availability of residential proxy services, lists of previously stolen credentials, and scripting tools.

These findings are supported by a recent warning from Cisco, which points to a global increase in brute-force attacks on various devices, including VPN services, web application authentication interfaces, and SSH services. According to Cisco, the sources of attacks are TOR exit nodes and other anonymizing tunnels and proxies. The targets of the attacks were Cisco VPN devices, Check Point, Fortinet, SonicWall, as well as routers from Draytek, MikroTik and Ubiquiti.

The Okta research group observed a rise in credential stuffing activity from April 19 to April 26, 2024, presumably using similar infrastructure. Attacks of this type take credentials obtained from a data leak at one service and use them to attempt to log in to another, unrelated service.

As Okta points out, most of the requests in the recent attacks went through TOR and various residential proxies, including NSOCKS, Luminati, and DataImpulse. Residential proxies (RESIP) route traffic through the devices of legitimate users, without those users' consent, to mask malicious traffic. This turns the "participants" into part of a botnet, which is then rented out to clients to anonymize outgoing traffic.

To reduce the risk of account hijacking, Okta recommends that organizations enforce complex passwords, enable two-factor authentication (2FA), and reject requests from geographic regions unrelated to where their staff work and from IP addresses with a bad reputation.
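
The geography and reputation checks recommended above, together with a simple credential stuffing signature (one source, many distinct usernames, mostly failures), are sketched below as an added example; it is not code from Okta or from this post. The function names, thresholds, country list and the documentation-range IP addresses are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inputs: documentation-range addresses stand in for real feeds.
ANONYMIZER_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # TOR/proxy list you maintain
ALLOWED_COUNTRIES = {"DE", "NL"}                            # where staff actually work

# Constructed log: (source IP, GeoIP country, username, login succeeded?)
EVENTS = [
    ("203.0.113.7",  "US", "alice", False),
    ("203.0.113.7",  "US", "bob",   False),
    ("198.51.100.9", "BR", "carol", False),
    ("198.51.100.9", "BR", "dave",  False),
    ("198.51.100.9", "BR", "erin",  False),
    ("198.51.100.9", "BR", "frank", True),
    ("192.0.2.10",   "DE", "alice", False),
    ("192.0.2.10",   "DE", "alice", True),
]

def pre_auth_decision(ip, country):
    """Policy applied before the password is checked at all."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in ANONYMIZER_NETS):
        return "deny:anonymizer"
    if country not in ALLOWED_COUNTRIES:
        return "deny:geo"
    return "allow"

def stuffing_sources(events, min_users=3, max_success_ratio=0.34):
    """Sources that try many distinct usernames and mostly fail."""
    users, ok, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for ip, _country, user, success in events:
        users[ip].add(user)
        total[ip] += 1
        ok[ip] += success
    return sorted(ip for ip in total
                  if len(users[ip]) >= min_users
                  and ok[ip] / total[ip] <= max_success_ratio)

def accounts_to_reset(events):
    """Accounts with a successful login the policy would have refused."""
    return sorted({user for ip, country, user, success in events
                   if success and pre_auth_decision(ip, country) != "allow"})

if __name__ == "__main__":
    for ip, country, user, _ in EVENTS:
        print(ip, user, pre_auth_decision(ip, country))
    print("stuffing sources:", stuffing_sources(EVENTS))
    print("reset candidates:", accounts_to_reset(EVENTS))
```

Because residential proxies spread attempts across many addresses, the per-source count is a lower bound; the pre-authentication policy and 2FA remain the controls that actually stop the login.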