In a new report, the FBI described credential stuffing attacks, a variant of the “dictionary attack”. In these attacks, attackers use user credentials stolen from another resource or bought on the dark web instead of a set of commonly used login and password combinations.
According to FBI experts, credential stuffing attacks often lead to huge financial losses and cause reputational damage to the victim company. The bureau’s message also said that after a victim’s account is compromised, the attackers begin to buy goods and services and try to gain access to other user accounts.
Let me remind you that we also reported that the FBI will transfer compromised passwords to Have I Been Pwned, and that the FBI shared 4 million Emotet email addresses.
The FBI warns that attackers are using residential proxies to bypass basic defenses because they make it harder for security systems to distinguish suspicious traffic from normal traffic.
To gain access to residential proxies, attackers compromise modems and other IoT devices, or use malware that turns the victim’s computer into a proxy server. With the help of various tools, cybercriminals automate credential stuffing attacks using bots that try to log into victims’ accounts on multiple sites.
In addition, some tools allow hackers to brute force account passwords or create configurations that can tailor an attack to specific requirements (presence of a unique character, minimum password length, etc.).
The FBI says credential stuffing attacks are not limited to websites and are often used against mobile apps that have weaker security protocols.
As part of a joint operation involving the FBI and the Australian Federal Police, the agencies uncovered two websites that contained more than 300,000 unique sets of credentials obtained by hackers through credential stuffing attacks.
To strengthen protection against such attacks, the FBI has given organizations several recommendations:
- Enable multi-factor authentication (MFA);
- Educate corporate network users on digital hygiene rules;
- Use device fingerprints to detect unusual network activity;
- Implement a shadowban that limits the actions of suspicious users in the corporate network;
- Check hacker tool configurations to prepare security systems for attacks;
- Track leaks of credentials;
- Use cloud protection services.
Regular users can protect themselves simply by using MFA and strong passwords.
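The device-fingerprint recommendation above can be illustrated with a short detection sketch. This is an added example, not code from the FBI notice or the original article. It shows why a per-IP failure limit misses traffic spread across residential proxies while grouping by fingerprint catches it. The event tuple layout, fingerprint strings, thresholds and function names are all assumptions.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, device_fingerprint, username, success).
# The fingerprint is assumed to be an opaque ID computed by the login front end.
BOT = [(f"203.0.113.{i}", "fp-bot", f"user{i}", i == 4) for i in range(1, 9)]
ALICE = [("192.0.2.10", "fp-alice", "alice", ok) for ok in (False, False, True)]
OFFICE = [("192.0.2.50", f"fp-office{i}", f"staff{i}", True) for i in range(1, 4)]
EVENTS = BOT + ALICE + OFFICE


def ips_over_limit(events, max_failures=3):
    """Baseline per-IP control: source IPs with at least max_failures failed logins."""
    failures = defaultdict(int)
    for ip, _fp, _user, ok in events:
        failures[ip] += 0 if ok else 1
    return sorted(ip for ip, n in failures.items() if n >= max_failures)


def flag_by_fingerprint(events, min_accounts=5, max_success_rate=0.2):
    """Flag fingerprints that try many distinct accounts and mostly fail."""
    stats = defaultdict(lambda: {"users": set(), "ips": set(), "hits": [], "total": 0})
    for ip, fp, user, ok in events:
        s = stats[fp]
        s["users"].add(user)
        s["ips"].add(ip)
        s["total"] += 1
        if ok:
            s["hits"].append(user)
    flagged = {}
    for fp, s in stats.items():
        rate = len(s["hits"]) / s["total"]
        if len(s["users"]) >= min_accounts and rate <= max_success_rate:
            # Accounts the client did log into need a forced password reset.
            flagged[fp] = {"accounts": len(s["users"]), "ips": len(s["ips"]),
                           "reset_passwords_for": sorted(s["hits"])}
    return flagged


if __name__ == "__main__":
    print("per-IP limiter flags:", ips_over_limit(EVENTS))
    for fp, info in flag_by_fingerprint(EVENTS).items():
        print(fp, info)
```

Automation tools can rotate fingerprints as well as IP addresses, so a check like this complements MFA rather than replacing it.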