Credential stuffing attacks are increasing [6], with threat actors using automated processes to test multiple username/password combinations in a short amount of time.

Description

Okta has observed a rise in credential stuffing attacks [2] [3] [6], where threat actors use automated methods to try hundreds of username/password combinations in minutes. These attacks are made possible by stolen passwords and by residential proxy services such as NSOCKS, Luminati [1] [2] [3] [5] [6], and DataImpulse [1] [3] [5], as well as anonymizing services such as Tor. Hackers have targeted Okta and Cisco’s VPN services [4], and some attacks successfully authenticated with the credentials they tried.

Okta customers using the Identity Engine with ThreatInsight enabled in log and enforce mode were protected [1], while those using the Classic Engine with ThreatInsight in audit-only mode and authentication policies that allow requests from anonymizing proxies were more vulnerable. The majority of the traffic in these attacks comes from everyday users’ devices and browsers, rather than VPS providers [1].

To mitigate the risk of compromised accounts [2], Okta recommends implementing multifactor authentication [5], enforcing strong password policies [2] [4], denying login requests from unauthorized locations [2] [4], and monitoring for anomalous sign-in behavior [4]. Cisco has also raised concerns about global brute-force attacks targeting VPN services [2], web applications [2] [6], and SSH services [2] [6], highlighting the importance of cybersecurity measures. A new feature allows users to block access requests from residential proxies before authentication [4]. Residential proxies use IP addresses assigned to real residential locations [4], which provides online anonymity.
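As an added illustration of the sign-in monitoring recommended above (not code from Okta or from the cited articles), the sketch below flags a burst of failures spread across many accounts and any success from an anonymizing IP during that burst. The log format, the `ip_type` labels, and the thresholds are assumptions made for the example.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample sign-in log in a hypothetical format (not an Okta schema):
# timestamp user source_ip ip_type outcome. ip_type would come from an IP
# reputation feed in practice; addresses are from documentation ranges.
SAMPLE_LOG = """\
2024-01-01T09:00:00 zoe 192.0.2.10 known SUCCESS
2024-01-01T09:10:00 alice 198.51.100.1 residential_proxy FAILURE
2024-01-01T09:10:20 bob 198.51.100.2 residential_proxy FAILURE
2024-01-01T09:10:40 carol 198.51.100.3 residential_proxy FAILURE
2024-01-01T09:11:00 dave 203.0.113.4 tor FAILURE
2024-01-01T09:11:20 erin 198.51.100.5 residential_proxy FAILURE
2024-01-01T09:11:40 frank 198.51.100.6 residential_proxy SUCCESS
2024-01-01T09:12:00 zoe 192.0.2.10 known SUCCESS
2024-01-01T09:30:00 gina 198.51.100.7 residential_proxy SUCCESS
"""

ANONYMIZING = {"residential_proxy", "tor"}  # assumed reputation labels


def parse(log):
    """Yield (timestamp, user, ip, ip_type, outcome) tuples from the sample format."""
    for line in log.splitlines():
        ts, user, ip, ip_type, outcome = line.split()
        yield datetime.fromisoformat(ts), user, ip, ip_type, outcome


def detect(events, window=timedelta(minutes=5), min_users=5):
    """Return (burst_starts, flagged).

    A burst begins when failures inside the sliding window span at least
    min_users distinct accounts, regardless of source IP. Successes from
    anonymizing IPs while a burst is active are flagged for review.
    """
    recent = deque()  # (timestamp, user) of failures still inside the window
    burst_starts, flagged, in_burst = [], [], False
    for ts, user, ip, ip_type, outcome in sorted(events):
        while recent and ts - recent[0][0] > window:
            recent.popleft()  # drop failures older than the window
        if outcome == "FAILURE":
            recent.append((ts, user))
        burst = len({u for _, u in recent}) >= min_users
        if burst and not in_burst:
            burst_starts.append(ts)
        in_burst = burst
        if burst and outcome == "SUCCESS" and ip_type in ANONYMIZING:
            flagged.append((ts, user, ip))
    return burst_starts, flagged
```

Every failure in the sample comes from a different address, so a per-IP failure threshold would never fire; counting distinct accounts across all sources is what surfaces the burst.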

Conclusion

Credential stuffing attacks pose a significant threat, but implementing security measures such as multifactor authentication and strong password policies can help mitigate risks. The rise in these attacks underscores the importance of cybersecurity in protecting against evolving threats.

References

[1] https://www.infosecurity-magazine.com/news/okta-customers-credential-stuffing/
[2] https://www.scmagazine.com/news/okta-spots-unprecedented-spike-in-credential-stuffing-attacks
[3] https://securityaffairs.com/162464/hacking/okta-warned-spike-credential-stuffing-attacks.html
[4] https://www.techradar.com/pro/security/okta-says-it-is-facing-unprecented-levels-of-attacks
[5] https://www.darkreading.com/vulnerabilities-threats/okta-credential-stuffing-attacks-spike-via-proxy-networks
[6] https://www.techtimes.com/articles/304088/20240429/unprecedented-surge-credential-stuffing-hacks-observed-okta.htm