Top Firms Suffer Credential Stuffing Threats, Users Warned

Stolen online account credentials are always in demand in the cybercrime market. Recently, a threat actor was found selling credentials of hundreds of C-level executives at companies across the world for $100 to $1500 per account.

Serious credential threats

Numerous sophisticated malware families and threat actors have been identified attempting to steal credentials, either to use them for malicious purposes or to sell them on underground forums.

  • A new multi-stage malware dubbed Chaes was identified that could evade antivirus tools and steal sensitive information from the browser, such as login credentials, credit card numbers, and other financial information.
  • The Cicada APT group was found targeting companies in 17 regions and multiple sectors, gathering information from network machines, and harvesting credentials to gain further access to the victim network.

Organizations facing credential stuffing related threats

A large number of organizations and their customers have recently faced data losses and privacy breaches due to credential stuffing attacks.

  • Spotify witnessed a hack of over 300k verified accounts.
  • The North Face, the outdoor retail giant, witnessed a credential stuffing attack, impacting an undisclosed number of its customers.
  • Nando’s, the South African restaurant chain, faced losses of hundreds of pounds after cyber-attackers hijacked its customers’ online accounts to illegitimately place large orders.
  • Sam’s Club, the U.S.-based membership-only retail warehouse club chain, was found sending automated password reset emails to its customers after being targeted by credential stuffing attacks.

Conclusion

Old habits die hard! Customers reusing passwords pave the way for attackers launching credential stuffing attempts. While users find it difficult to change, experts recommend that organizations add security layers such as geo-blocking, CAPTCHA controls, and frequency monitoring of access-related logs to check for any anomalies or unusual behavior.

Source: https://cyware.com/news/top-firms-suffer-credential-stuffing-threats-users-warned-46f1f1d7

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO