FBI Warning on Credential Stuffing & Residential Proxies is Good News – Bad News - Security Boulevard

2022-09-09 20:09:17 By : Ms. Sherry Wang


The FBI is warning security professionals to be on the lookout for increased use of residential proxies to execute credential stuffing attacks. The warning is a combination of good news and bad news.

The warning raises awareness around the use of residential proxy services by cybercriminals, specifically for credential stuffing attacks. It follows the recent news of the 911 proxy service going dark and the takedown of the RSOCKS proxy service by law enforcement. To improve the detection of credential stuffing via residential proxies, the FBI warning makes the following security solution recommendations:

The residential proxy warning includes data on how the OpenBullet attack toolkit is used to automate the use of stolen credentials in attacks. OpenBullet includes easy access to predefined credential stuffing attack configs that leverage residential proxies as a means of masking location and identity. One of the more popular attack tools, OpenBullet simplifies launching any type of automated attack, not just credential stuffing.

The warning lacks any data on the popularity of residential proxies and how easy they are to access. Residential proxies are also known as Bulletproof Proxies. A residential proxy is an IP address of a compromised PC, cable box, garage door opener, doorbell, or even a refrigerator. The IP addresses (proxies) become part of a commercially available service marketed for legitimate uses like website testing. These services also give attackers access to a vast number of IP addresses that are used to execute large-scale, automated attacks while masking identity and location. Proxy solution features include management dashboard access with the ability to schedule attacks, route traffic through specific geographic locations and monitor traffic patterns.

A quick web search for proxy solutions provides easy access to numerous offerings, complete with payment plans and customer testimonials. The providers shown in the image below collectively claim to have more than 130M IP addresses available globally.

As noted in the warning, credential stuffing is a common use case for residential proxies, but not the sole use case. Any automated attack (e.g., brute force attacks, enumeration, content scraping and fake account creation) will use proxies to mask identity and location while achieving scale.

The FBI notes how OpenBullet is used in conjunction with proxies to execute credential stuffing attacks. The warning does not include a discussion of more recent tools classified as bots-as-a-service.

OpenBullet remains popular, but this new class of bots-as-a-service eliminates much of the effort required to execute an automated attack. A user can now access these services to pick from a library of bots based on their target. Once their target is chosen, a user can subscribe to the service to execute the attack. Users do not need to create scripts or find the credentials, infrastructure and tools to perform malicious automated actions. They can now access a service that combines credentials, infrastructure and tools into a one-stop shop.


Understandably missing from the FBI report is the impact residential-proxy-enabled bots have on the business. The impact to the business can include:

A 2021 Forrester survey of 400+ organizations validates the business impact with 15% of the respondents noting bot-related losses as high as 10%.

The FBI security solution recommendations for stopping credential stuffing and other types of attacks via residential proxies are too simplified and are easily evaded by attackers. The credential stuffing protection recommendations also increase the risk of adding friction to the end user experience. For example, OpenBullet has predefined evasion techniques for JavaScript-based security measures provided by CDN-based solutions. It has similar features to solve CAPTCHAs and to get around user agent string analysis by mimicking a range of up-to-date browsers.

Also missing from the FBI security bulletin is a discussion of APIs and how they are now the attack vector of choice for credential stuffing and other automated attacks. Data shows that threat actors love APIs because they simplify the execution of high-volume attacks while negating the traditional agent-based security mechanisms. It is impossible to install an agent in an API like you can with a web or mobile app.

Residential proxy services are a critical tool for attackers who need access to easily scalable infrastructure while maintaining anonymity and masking location. The good news is that many of the proxy services are known by their IP address and organization, making them trackable over time. By using data to identify and track these services, policies can be implemented to automatically block them.
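A minimal sketch of the tracking idea described above, added here as an illustration and not taken from the FBI warning or from any Cequence product: login events are matched against a feed of tagged proxy network blocks and aggregated per block, which surfaces a rotation that a per-IP counter never sees. The feed, the RFC 5737 documentation ranges, the usernames and the thresholds are all constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed feed of tagged proxy blocks (RFC 5737 documentation ranges).
PROXY_BLOCKS = {
    "198.51.100.0/24": "residential-proxy",
    "203.0.113.0/24": "datacenter-proxy",
}

# Constructed login events: (source IP, username, login succeeded).
EVENTS = [
    ("198.51.100.7", "amy", False), ("198.51.100.23", "bob", False),
    ("198.51.100.41", "carol", False), ("198.51.100.88", "dave", True),
    ("198.51.100.130", "erin", False), ("198.51.100.201", "frank", False),
    ("203.0.113.5", "grace", True),
    ("192.0.2.10", "heidi", False), ("192.0.2.10", "heidi", True),
]

def classify(ip, blocks=PROXY_BLOCKS):
    """Return (cidr, label) of the tagged block containing ip, else (None, 'unclassified')."""
    addr = ipaddress.ip_address(ip)
    for cidr, label in blocks.items():
        if addr in ipaddress.ip_network(cidr):
            return cidr, label
    return None, "unclassified"

def max_attempts_per_ip(events):
    """What a per-IP rate limit sees: the attempt count of the busiest address."""
    return max(Counter(ip for ip, _, _ in events).values())

def flag_blocks(events, min_users=4, min_fail_ratio=0.8):
    """Aggregate logins per tagged block; flag blocks with many users and mostly failures.

    Returns {cidr: (distinct_ips, distinct_users, fail_ratio)}.
    """
    stats = defaultdict(lambda: {"ips": set(), "users": set(), "fail": 0, "total": 0})
    for ip, user, ok in events:
        cidr, _ = classify(ip)
        if cidr is None:
            continue  # traffic outside the feed is left to other controls
        s = stats[cidr]
        s["ips"].add(ip)
        s["users"].add(user)
        s["total"] += 1
        s["fail"] += 0 if ok else 1
    flagged = {}
    for cidr, s in stats.items():
        ratio = s["fail"] / s["total"]
        if len(s["users"]) >= min_users and ratio >= min_fail_ratio:
            flagged[cidr] = (len(s["ips"]), len(s["users"]), round(ratio, 2))
    return flagged
```

On the sample data the busiest single address is the legitimate user retrying a password, while the tagged residential block shows six accounts tried from six addresses, one attempt each.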

Boasting the largest data collection of residential proxy services, Cequence Network IQ is part of CQAI, a patented ML-based analytics engine that drives the Cequence UAP solution. A subsystem within Network IQ called IP Threat Score parses threat data to identify proxy IPs the moment they hit CQAI. The residential proxies are identified, tagged and delivered to customers in the form of both predefined policies and the dataset itself.

The IP data sources include:

Network IQ data collection is highly automated, which allows it to adapt to the ever-changing threat landscape. Network IQ data identifies not only individual IPs, but also entire network blocks, organizations, or ASNs. The data is classified by Network IQ into datacenter and residential proxy groupings.

The rich Network IQ data used by IP Threat Score identifies unknown IP addresses used in automated attacks as malicious 98-100% of the time. Predefined policies using IP Threat Score can be enabled to immediately block automated attacks using residential proxies.


The post FBI Warning on Credential Stuffing & Residential Proxies is Good News – Bad News appeared first on Cequence Security.

*** This is a Security Bloggers Network syndicated blog from Cequence Security authored by Matt Keil. Read the original post at: https://www.cequence.ai/blog/fbi-warning-on-credential-stuffing-residential-proxies-is-good-news-bad-news/