Jan 7, 2022

NY attorney general probes widespread credential stuffing, 17 companies affected

Credential stuffing works because it preys on reused passwords, a common practice for personal and professional online accounts. 
“Attackers know that the username and password used at one website may also be used at a half-dozen others,” the OAG report said. “Attackers typically use free, easily accessible software capable of transmitting hundreds of login attempts simultaneously without human intervention.” 
Nearly two years into mass remote work, business executives have found an increase in credential theft. Zero-trust models have the potential to upgrade identity access management and privileged access control, but companies are still facing increased spear phishing and impersonation attempts to target users who have access to sensitive information. 
With data privacy concerns hovering over credential stuffing attacks, companies could also pay regulatory fines, in addition to other remediation costs.
Credential theft is easy for threat actors and is unavoidable for most businesses, the OAG said.  
The report outlines safeguards used for defending, detecting, preventing and responding to credential stuffing attempts, including: 
The OAG worked with the impacted companies to uncover how threat actors avoided security safeguards, which led almost all of the companies to add security controls to their practices.