Mario Sanmiguel
Seung Ha / June 25, 2024 / 3 minutes of readingAdvisories, Vulnerabilities & Alerts
Responding to the Surge in Okta Credential-Stuffing Attacks
Okta has recently identified a spike in credential-stuffing attacks, posing a significant threat to organizational security. Credential-stuffing is the automated injection of breached username and password combinations to fraudulently gain access to user accounts.
Recommended Actions:
- Block ToR and Proxy Use: Prevent attackers from masking their identity by blocking access from ToR and proxy networks.
- Whitelist Countries of Operation: Restrict access to your services based on geographic locations to limit unauthorized access attempts from regions outside your business operations.
- Enable ThreatInsight: Leverage Okta’s ThreatInsight tool to identify and mitigate credential-stuffing attacks using extensive threat intelligence.
- Enforce Strong Password Policy: Mandate complex, unique passwords for all accounts, and encourage the use of password managers to ensure strong password practices.
- Enforce Multi-Factor Authentication (MFA): Add an extra layer of security by requiring users to provide two or more verification factors to access accounts, making it harder for attackers to gain unauthorized entry.
Take Action Now: Implement these measures to significantly reduce the risk of credential-stuffing attacks. Prioritize security by blocking ToR and proxy use, whitelisting countries of operation, enabling ThreatInsight, enforcing strong passwords, and implementing MFA. Stay proactive in your cybersecurity efforts to protect your organization from evolving threats.
External Links:
Comply with Google & Yahoo’s New 2024 Email Authentication Requirements
Stay Ahead with Secure Email Practices: In 2024, Google and Yahoo are enforcing new email authentication requirements. Ensure your emails reach recipients and avoid being marked as spam by following these essential steps:
Recommended Actions:
- Implement Sender Policy Framework (SPF): To prevent spammers from sending emails on your behalf, publish an SPF record in your DNS settings to list authorized IP addresses.
- Sign Outgoing Messages with DKIM: To verify that emails are not altered during transit, generate a DKIM key pair, publish the public key in your DNS, and configure your server to sign emails with the private key.
- Enable DMARC: To provide instructions on handling unauthenticated emails and increase visibility into fraudulent activities, publish a DMARC policy in your DNS settings with handling instructions and reporting options.
Take Action Now: Secure your email communication and protect your brand’s reputation. Implement SPF, DKIM, and DMARC today. Need help? Our team is ready to assist.
External Links:
Cybersecurity Alert: Increased Ransomware Threats to Healthcare Organizations
Fortinet has issued a threat alert following a joint Cybersecurity Advisory by CISA, the FBI, and HHS, highlighting an elevated risk to healthcare organizations from ransomware attacks. These entities are particularly vulnerable due to their size, dependence on technology, access to sensitive personal health information, and the critical nature of patient care services.
Key Details:
- Source Advisory: CISA, FBI, and HHS Cybersecurity Advisory AA24-131A
- Target Sector: Healthcare and Public Health (HPH) Sector along with all critical infrastructure organizations.
- Threat Actor: Notably, the advisory warns against threats from the Black Basta ransomware group among others.
Recommended Actions:
- Indicators of Compromise: Import and monitor the provided list of Indicators of Compromise on systems such as Rapid7 and antivirus software to detect potential threats.
- Vulnerability Management: Address vulnerabilities immediately, especially the newly published CVE-2024-1709 affecting ConnectWise ScreenConnect, currently utilized by Celito SD for remote client device access.
Take Action Now: Organizations must prioritize these recommendations to safeguard their infrastructure and sensitive patient data against the rising threat of ransomware attacks also are urged to follow the detailed mitigations provided in the advisory to reduce the likelihood of compromise.