Hackers Use Residential Proxies in Credential Stuffing Attacks, FBI Warns

Cybercriminals are relying on residential proxies to cover their tracks and avoid being blocked in exhaustive credential stuffing attacks, the FBI has disclosed.

The agency issued the warning as a Private Industry Notification to help Internet platforms counter credential stuffing attacks with appropriate defense mechanisms.

Credential stuffing is a type of brute-forcing attack where perpetrators use libraries of previously leaked username and password combinations to gain unauthorized access to various online platforms.

This attack only works against users who input the same credentials (username, email address and password) into several services. In this case, attackers can breach their accounts without social engineering, phishing, keylogging or other devious techniques.

Since it’s a form of brute forcing, online services could deter credential stuffing attacks via mitigation mechanisms such as limiting the number of consecutive failed login attempts. One of the most basic types of protection involves enforcing IP-based limitations and blocking proxy users from logging in.

However, perpetrators have now resorted to residential proxies to cloak their actual IP address. This lets attackers continue covering their traces unhampered and avoid blocklists since residential IP addresses are less likely to be restricted.

“Cyber criminals leverage proxies and configurations to mask and automate credential stuffing attacks on online customer accounts of US companies,” reads the FBI’s announcement. “Leveraging proxies and configurations automates the process of attempting logins across various sites and facilitates exploitation of online accounts.”

The FBI’s security advisory also suggests mitigation practices for administrators to defend against credential stuffing and similar account cracking attacks:

• Enable Multi-Factor Authentication (MFA)
• Avoid using passwords that were leaked in previous data breaches
• Oblige users to reset their passwords if their current ones have been compromised
• Use fingerprinting to detect suspicious activity
• Limit suspicious users through shadow banning
• Monitor for default user agent strings used by credential stuffing tools

Specialized software such as Bitdefender Digital Identity Protection can keep you safe against data breaches and attacks that leverage them with features like:

• Overview of your digital footprint, including traces from no-longer-used services
• Continuous public and Dark Web monitoring and reporting of data breaches
• Simple, one-click action modules against data leaks and weak points in your digital footprint