"FBI: Beware Residential IPs Hiding Credential Stuffing"

The FBI is warning that cybercriminals are increasingly hijacking home IP addresses to hide credential stuffing activity and increase their chances of success.  Credential stuffing is a popular method of account takeover whereby attackers use large lists of breached username/password "combos" and try them across numerous sites and apps simultaneously to see if they work.  Since many individuals reuse their credentials, adversaries are usually successful.  The FBI noted that working credentials can then be sold to others for initial access.  The FBI and Australian Federal Police claim to have found two websites containing over 300,000 unique sets of credentials obtained via credential stuffing.  The FBI noted that the sites had over 175,000 registered customers and made over $400,000 in sales.  The FBI stated that website owners can detect this suspicious activity if they know what to look for.  This is where residential proxies come in.  By compromising home routers or other connected technology, attackers can route their efforts through benign-looking IPs to trick network defenders.  The FBI stated that in executing successful credential stuffing attacks, cybercriminals have relied extensively on the use of residential proxies, which are connected to residential internet connections and therefore are less likely to be identified as abnormal.  The FBI noted that existing security protocols do not block or flag residential proxies as often as proxies associated with datacenters.  The FBI recommended a multi-layered approach to mitigate the threat of credential stuffing.
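The evasion described above can be seen in login telemetry. The following is an added example, not code from the FBI notification or the Infosecurity article: a per-address failure counter sees nothing when each address makes one attempt, while a site-wide view of failed usernames and success ratio per time window does. The event format, thresholds, usernames and documentation-range addresses are constructed assumptions.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed events: (epoch_seconds, source_ip, username, success)."""
    events = [(t, "192.0.2.10", u, True)
              for t, u in [(5, "alice"), (70, "bob"), (130, "carol"), (400, "alice")]]
    events += [(20, "192.0.2.11", "dave", False), (25, "192.0.2.11", "dave", True)]
    # Distributed attempts: 60 addresses, one try each, a different username each time.
    events += [(300 + 4 * i, f"198.51.100.{i + 1}", f"user{i:03d}", i == 17)
               for i in range(60)]
    return sorted(events)

def per_ip_flags(events, max_failures=5):
    """Classic control: flag any single address with too many failed logins."""
    fails = Counter(ip for _, ip, _, ok in events if not ok)
    return {ip for ip, n in fails.items() if n > max_failures}

def flag_windows(events, window=300, min_failed_users=20, max_success_ratio=0.1):
    """Site-wide view per tumbling window, independent of any one address."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // window].append((ip, user, ok))
    flagged = []
    for idx in sorted(buckets):
        rows = buckets[idx]
        failed_users = {u for _, u, ok in rows if not ok}
        ratio = sum(ok for _, _, ok in rows) / len(rows)
        if len(failed_users) >= min_failed_users and ratio <= max_success_ratio:
            flagged.append({"start": idx * window,
                            "failed_users": len(failed_users),
                            "source_ips": len({ip for ip, _, _ in rows}),
                            "success_ratio": round(ratio, 3)})
    return flagged

def accounts_to_review(events, flagged, window=300):
    """Successful logins inside a flagged window from a user/address pair not seen before."""
    starts = {f["start"] for f in flagged}
    seen, review = set(), []
    for ts, ip, user, ok in sorted(events):
        if ok and (ts // window) * window in starts and (user, ip) not in seen:
            review.append(user)
        if ok:
            seen.add((user, ip))
    return review

if __name__ == "__main__":
    ev = build_sample()
    windows = flag_windows(ev)
    print(per_ip_flags(ev), windows, accounts_to_review(ev, windows))
```

The accounts returned by `accounts_to_review` are candidates for a forced password reset or step-up verification; the thresholds need tuning against a site's normal login volume.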

 

Infosecurity reports: "FBI: Beware Residential IPs Hiding Credential Stuffing"

Submitted by Anonymous on