Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud

Avatar
Okta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is susceptible to credential stuffing attacks orchestrated by threat actors. “We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing for a number of our customers,” the Identity and access management (IAM) services provider said. The

Okta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is susceptible to credential stuffing attacks orchestrated by threat actors.

“We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing for a number of our customers,” the Identity and access management (IAM) services provider said.

The suspicious activity commenced on April 15, 2024, with the company noting that it “proactively” informed customers that had the feature enabled. It did not disclose how many customers were impacted by the attacks.

Credential stuffing is a type of cyber attack in which adversaries attempt to sign in to online services using an already available list of usernames and passwords obtained either from previous data breaches, or from phishing and malware campaigns.

As recommended actions, users are being asked to review tenant logs for any signs of unexpected login events – failed cross-origin authentication (fcoa), success cross-origin authentication (scoa), and breached password (pwd_leak) – rotate credentials, and restrict or disable cross-origin authentication for tenants.

Tenants are likely to have been targeted in a credential stuffing attack regardless of whether cross-origin authentication is used or not if scoa or fcoa events are present in event logs and if there is an increase in the failure-to-success events.

Other mitigations include enabling breached password detection or Credential Guard, prohibiting users from choosing weak passwords, and enrolling them in passwordless, phishing resistant authentication using new standards such as passkeys.

The development arrives a month after the company alerted of an uptick in the “frequency and scale” of credential stuffing attacks aimed at online services that’s facilitated using residential proxy services.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

 The Hacker News 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Cybercriminals Abuse StackOverflow to Promote Malicious Python Package

Next Post

U.S. Dismantles World’s Largest 911 S5 Botnet, with 19 Million Infected Devices

Related Posts

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the group's trend of embedding spyware into curated video browsing applications, with a new expansion targeting mobile gamers, weapons enthusiasts, and TikTok fans," SentinelOne security researcher Alex
Avatar
Read More

60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply
Avatar
Read More