Threat Watch

RIPE NCC Targeted With Credential Stuffing Attack

RIPE NCC, a not-for-profit regional Internet Registry for Europe, the Middle East, and parts of Central Asia, has disclosed that it was the victim of a credential stuffing attack. The company is responsible for allocating blocks of IP addresses to Internet providers, hosting providers, and organizations in the EMEA region. Users of the service included over 20,000 organizations in over 75 different countries. In a credential stuffing attack, threat actors try email and password combinations exposed in earlier breaches to log in to accounts on other services. The attack affected the Single Sign On (SSO) service and caused a small amount of downtime while the company mitigated the attack.

ANALYST NOTES

Credential stuffing attacks are common amongst threat actors that have access to leaked databases. Many times, these threat actors will steal credentials from another service and sit on a database for months or years before they try to use them to carry out attacks. Companies should have monitoring in place, such as the Binary Defense Counterintelligence team, which searches for leaked emails across the Clearnet, Darknet, and Deepweb to alert organizations to these breaches. These findings can help companies understand which services their employees are signing up for with their work email addresses, and advise those employees to change their passwords to prevent further attacks. Furthermore, no one should re-use passwords across multiple platforms. A trusted password manager can help people keep track of separate passwords for different services, so that no one has to remember them and each one can be complex. The best approach to protect account access is to combine a strong password with Multi-Factor Authentication (MFA) whenever that is an option.
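Because the attacker replays breached email and password pairs, the login log of the targeted service typically shows one source trying many different accounts with mostly failed results. The sketch below is an added example, not code from RIPE NCC, Binary Defense, or the linked article; the log format, field order, thresholds, and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample SSO login events (not real data):
# timestamp, source IP, account, result
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 203.0.113.7 alice@example.org FAIL
2024-01-01T10:00:02Z 203.0.113.7 bob@example.org FAIL
2024-01-01T10:00:02Z 198.51.100.20 carol@example.org FAIL
2024-01-01T10:00:03Z 203.0.113.7 dave@example.org OK
2024-01-01T10:00:04Z 203.0.113.7 erin@example.org FAIL
2024-01-01T10:00:05Z 198.51.100.20 carol@example.org OK
2024-01-01T10:00:05Z 203.0.113.7 frank@example.org FAIL
2024-01-01T10:00:06Z 203.0.113.7 grace@example.org FAIL
2024-01-01T10:00:09Z 192.0.2.15 heidi@example.org OK
"""

def parse(log_text):
    """Yield (ip, account, ok) from lines of 'timestamp ip account RESULT'."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        _, ip, account, result = parts
        yield ip, account.lower(), result == "OK"

def stuffing_sources(log_text, min_accounts=5, max_success_ratio=0.2):
    """Flag sources that tried many distinct accounts and mostly failed.

    Thresholds are assumed values; tune them against normal traffic.
    """
    per_ip = defaultdict(lambda: {"accounts": set(), "attempts": 0, "ok": set()})
    for ip, account, ok in parse(log_text):
        stats = per_ip[ip]
        stats["accounts"].add(account)
        stats["attempts"] += 1
        if ok:
            stats["ok"].add(account)
    flagged = {}
    for ip, stats in per_ip.items():
        tried = len(stats["accounts"])
        if tried >= min_accounts and len(stats["ok"]) / tried <= max_success_ratio:
            flagged[ip] = {
                "accounts_tried": tried,
                "attempts": stats["attempts"],
                # These logins used a valid reused password: reset it, enrol MFA.
                "successful_logins": sorted(stats["ok"]),
            }
    return flagged

if __name__ == "__main__":
    print(stuffing_sources(SAMPLE_LOG))
```

Counting per source address misses attempts spread across many addresses, so the same grouping is worth running on other attributes the log records, such as user agent or network block.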

More can be read here: https://www.bleepingcomputer.com/news/security/ripe-ncc-internet-registry-discloses-sso-credential-stuffing-attack/