Even though there are warnings all over the internet about the risks of reusing passwords and the ease that threat actors can run credential stuffing attacks to exploit this negligent behaviour – people still reuse passwords: DraftKings denies platform breach, says about $300,000 stolen from compromised accounts – The Record …
Mass spamming starts with no MFA and credential stuffing
Microsoft has been monitoring and seeing an increase in attacks using malicious OAuth applications, installed on compromise cloud servers that then facilitate mass spamming from Exchange Online servers. Malicious OAuth applications abuse cloud email services to spread spam – Microsoft Security Blog The attack started with the threat actor launching …
Continue reading “Mass spamming starts with no MFA and credential stuffing”
Credential stuffing attacks
This research by Okta highlights the issue of users recycling passwords: Okta: Credential stuffing accounts for 34% of all login attempts (bleepingcomputer.com) There were more login attempts by threat actors than legitimate ones! They were just trying out passwords to see if someone was stupid, (sorry if you do not …
Technology in Schools
I have a friend from the MSc course, who is a teacher here in the UK, and he is often caught by the schools very high security stance, when he is trying to teach cyber security to his students. Many of the legitimate sites and resources he wants access to …
Credential theft – where the threat actors start and some advice
Collecting (stealing) credentials is a favourite pastime of threat actors – either to break into accounts directly or to add them to their credential stuffing attacks (looking for those people who reuse passwords) or just to sell on the dark web! Here they are doing it to users of the …
Continue reading “Credential theft – where the threat actors start and some advice”