Okta is warning customers about a new credential stuffing attack

In credential stuffing attacks, adversaries attempt to log into online services using large lists of usernames and passwords, which they may have obtained from past data breaches, unrelated sources, phishing schemes, or malware campaigns, according to the company.

“Organizations are strongly encouraged to strengthen IAM against multiple abuse tactics, especially credential stuffing, to ensure multiple layers of strong controls to reduce the risk of attacks from multiple threat actors seeking to gain access and exploit,” said Ken Dunham, cyber threat director at the Qualys Threat Research Unit. “Don’t let threat actors be your IAM auditor, go beyond complex password basics to strengthen your authentication of users and accounts to ensure you’re not the victim of the next breach in the news.”

High-profile data breaches this month include those affecting Europol’s website, Dell Technologies, and an isolated Zscaler test environment. However, the credentials the threat actors used against the targeted Okta feature may have come from much older data breaches.

Go passwordless, or rotate passwords

Okta advises customers to go passwordless to protect against credential stuffing attacks. “Enroll users in passwordless, phishing-resistant authentication,” the company said. “We recommend the use of passkeys as a more secure method. Passkeys are included in all Auth0 plans from our free plan through Enterprise.”

Additionally, rotating passwords regularly, rejecting weak passwords and any that appear on breached-password lists, and requiring passwords of at least 12 characters that do not contain parts of the username can also help.
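To make the password guidance above concrete, here is an added example (not code from Okta, Auth0 or the article) of a registration-time policy check that enforces the three rules the article lists: a minimum length of 12, rejection of passwords on a denylist, and rejection of passwords that contain components of the username. The denylist is a small constructed stand-in for a real breached-password feed.

```python
from __future__ import annotations

import re

# Constructed stand-in for a breached/common-password list. In production this
# would be backed by a real breach corpus (e.g. a k-anonymity lookup service).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1", "password1"}

MIN_LENGTH = 12


def username_components(username: str, min_len: int = 3) -> set[str]:
    """Split a username (or the local part of an email) into tokens that a
    password must not contain. Short tokens are dropped so a one-letter
    initial does not reject every password containing that letter."""
    local = username.split("@", 1)[0].lower()
    tokens = {local} | {t for t in re.split(r"[._\-+\d]+", local) if t}
    return {t for t in tokens if len(t) >= min_len}


def password_problems(password: str, username: str) -> list[str]:
    """Return every policy violation for the candidate password (empty if ok)."""
    problems: list[str] = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common/breached password list")
    for token in sorted(username_components(username)):
        if token in lowered:
            problems.append(f"contains username component '{token}'")
    return problems


def is_acceptable(password: str, username: str) -> bool:
    return not password_problems(password, username)


if __name__ == "__main__":
    for pw, user in [("jsmith2024!", "j.smith@example.com"),
                     ("Password1", "alice"),
                     ("correct-horse-battery", "j.smith@example.com")]:
        print(f"{user:>22} / {pw:<24} -> {password_problems(pw, user) or 'ok'}")
```

The username check is deliberately case-insensitive and tokenises on separators and digits, so `jsmith2024!` is rejected for the account `j.smith@example.com` even though the literal username never appears in it.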

As a workaround for this attack, Okta recommended disabling the targeted cross-origin authentication endpoint in the Auth0 Management Console for tenants that do not use cross-origin authentication. Where the feature is needed, the list of allowed origins should be restricted to only the origins that actually require it.
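The following is an added example (not Okta's or Auth0's own code) of how a tenant administrator might audit that workaround across all applications at once. It runs over a constructed list of client records shaped like the output of the Auth0 Management API `GET /api/v2/clients` call; the field names `cross_origin_auth` and `web_origins` are assumed to match that API and should be verified against your tenant before the generated `PATCH /api/v2/clients/{id}` bodies are applied. The logic is: disable cross-origin authentication wherever it is enabled without any allowed origins, and where origins exist, keep only explicit `https` origins with no wildcards, disabling the feature if nothing explicit remains.

```python
from __future__ import annotations

from urllib.parse import urlparse

# Constructed sample of Auth0 application (client) records. Field names are an
# assumption based on the Management API; check them against your own tenant.
CLIENTS = [
    {"client_id": "app-a", "name": "Marketing site", "cross_origin_auth": False, "web_origins": []},
    {"client_id": "app-b", "name": "Legacy SPA", "cross_origin_auth": True, "web_origins": []},
    {"client_id": "app-c", "name": "Partner portal", "cross_origin_auth": True, "web_origins": ["*"]},
    {"client_id": "app-d", "name": "Checkout SPA", "cross_origin_auth": True,
     "web_origins": ["https://shop.example.com"]},
    {"client_id": "app-e", "name": "Dev tool", "cross_origin_auth": True,
     "web_origins": ["http://dev.example.com", "https://tool.example.com"]},
]


def origin_is_strict(origin: str) -> bool:
    """An acceptable origin is an explicit https scheme + host, no wildcard, no path."""
    if "*" in origin:
        return False
    u = urlparse(origin)
    return u.scheme == "https" and bool(u.netloc) and u.path.strip("/") == ""


def audit_client(client: dict) -> dict | None:
    """Return a finding with a PATCH body for the client, or None if it is fine."""
    if not client.get("cross_origin_auth"):
        return None  # feature already off: nothing for a stuffing bot to hit here
    origins = client.get("web_origins") or []
    if not origins:
        return {
            "client_id": client["client_id"],
            "reason": "cross-origin auth enabled but no origins are allowed; disable it",
            "patch": {"cross_origin_auth": False},
        }
    loose = [o for o in origins if not origin_is_strict(o)]
    if not loose:
        return None  # explicit https origins only: acceptable
    strict = [o for o in origins if origin_is_strict(o)]
    # Keep only the explicit origins; if none survive, turn the feature off.
    patch = {"web_origins": strict} if strict else {"cross_origin_auth": False}
    return {
        "client_id": client["client_id"],
        "reason": f"overly broad cross-origin allow-list: {loose}",
        "patch": patch,
    }


def audit_tenant(clients: list[dict]) -> list[dict]:
    return [f for f in (audit_client(c) for c in clients) if f]


if __name__ == "__main__":
    for finding in audit_tenant(CLIENTS):
        print(finding["client_id"], "->", finding["reason"], "| PATCH", finding["patch"])
```

Applying the patches is intentionally left out: each `patch` dictionary is the body you would send, but a change of this kind belongs in a reviewed change rather than an unattended script, since removing an origin an application really uses will break its login flow.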
