August 23, 2022

The U.S. Federal Bureau of Investigation (FBI) has warned of residential proxies used by attackers for large-scale credential stuffing attacks.

Credential Stuffing is a type of attack in which threat actors use large collections of username/password combinations uncovered in previous data breaches to gain access to other online platforms.

The FBI warns that threat actors use residential proxies to hide their actual IP address behind those commonly associated with home users, which is unlikely to be present in blocklists.

“Malicious actors utilizing valid user credentials have the potential to access numerous accounts and services across multiple industries – to include media companies, retail, healthcare, restaurant groups, and food delivery – to fraudulently obtain goods, services, and access other online resources such as financial accounts at the expense of legitimate account holders,” the FBI said.

Steps administrators can take to protect their users from losing accounts to credential stuffing attacks include offering multi-factor authentication, downloading widely available leaked credentials, and fingerprint checks.

Others include identifying and monitoring default user-agent strings, searching and discovering what configurations proxy tools used for their websites, and introducing “shadow-banning” to limit what suspicious users/accounts on the platform can do without blocking them.

The sources for this piece include an article in BleepingComputer.