H-ISAC TLP Green Threat Proxies and Configurations Used for Credential Stuffing Attacks on Online Customer Accounts

The FBI is highlighting significant details about proxies and configurations used by cyber criminals to mask and automate credential stuffing attacks on US companies, resulting in financial losses associated with fraudulent purchases, customer notifications, system downtime and remediation, as well as reputational damage. Credential stuffing attacks, commonly referred to as account cracking, apply valid username and password combinations, also known as user credentials or “combo lists”, from previously compromised online resources or data leaks. Malicious actors utilizing valid user credentials have the potential to access numerous accounts and services across multiple industries – to include media companies, retail, healthcare, restaurant groups and food delivery – to fraudulently obtain goods, services and access other online resources such as financial accounts at the expense of legitimate account holders. The FBI acknowledges the Australian Federal Police for their assistance collecting the information included in this Private Industry Notification.

View the detailed report below.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272