New Atlantis AIO platform automates credential stuffing on 140 providers


A new cybercrime platform named ‘Atlantis AIO’ offers an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs.

Specifically, Atlantis AIO features pre-configured modules for these services to perform brute force attacks, bypass CAPTCHAs, automate account recovery processes, and monetize stolen credentials/accounts.

Credential stuffing and automation

Credential stuffing is a type of cyberattack where threat actors try out a list of credentials (usernames + passwords) they stole or sourced from leaked data breaches against platforms, hoping to gain access to accounts.

If the credentials match and the account is not protected by multi-factor authentication, they can hijack it, lock the legitimate owner out, and then abuse or resell the account to others.

This type of attack is popular and widespread, with large credential-stuffing attacks occurring daily. Over the years, these attacks have impacted brands and services like Okta, Roku, Chick-fil-A, Hot Topic, PayPal, PetSmart, and 23andMe.

Threat actors commonly conduct credential stuffing attacks using free tools, like Open Bullet 2 and SilverBullet, along with premade “configs” that are shared on cybercrime forums.

Credential Stuffing as a Service

Atlantis AIO is a new Credential Stuffing as a Service (CSaaS) platform that allows cybercriminals to pay for a membership and automate these types of attacks.

Advertisement for Atlantis AIO
Source: Abnormal

The cybercrime service Atlantis AIO was discovered by Abnormal Security, which reports it is capable of targeting over 140 online services worldwide. The targeted services include Hotmail, AOL, Mail.ru, Mail.com, Gmx, Wingstop, Buffalo Wild Wings, and Safeway.

Atlantis AIO is a modular tool that gives attackers the option to launch tailored attacks, with its three main modules being:

  1. Email Account Testing – Automates brute-force and takeover attempts on popular email platforms like Hotmail, Yahoo, and Mail.com, allowing attackers to gain control of the account and access inboxes for phishing or data theft.
  2. Brute Force Attacks – Rapidly cycles through common or weak passwords on targeted platforms to crack accounts with poor password hygiene.
  3. Account Recovery – Exploits account recovery processes (e.g., on eBay, Yahoo), bypasses CAPTCHAs, and automates takeovers using tools like “Auto-Doxer Recovery” for faster and more efficient credential exploitation.

Once the cybercriminals obtain access to accounts, they often sell them in bulk, listing hundreds or even thousands of compromised accounts for sale on underground forums.

Other threat actors create shops where they sell stolen accounts for as little as $0.50 per account.

Selling individual hacked accounts
Source: BleepingComputer

Defending against credential stuffing

Credential stuffing attacks can be thwarted if you use strong, unique passwords and multi-factor authentication at every site where you have an account.

Multi-factor authentication is crucial, as even if credentials are compromised, threat actors will not be able to log in without also stealing the MFA information.

If you receive reports from online services about unusual logins from strange locations or unexpected password reset emails, you should immediately investigate whether your credentials were compromised.

Websites can help stop these attacks by implementing rate limiting and IP throttling, using advanced CAPTCHA puzzles, and monitoring for suspicious behavior patterns.
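As an added illustration of the behavior monitoring mentioned above (example code written for this page, not from the article or from Abnormal Security), the following sketch labels each source IP by the shape of its failed logins: many distinct usernames tried once each suggests credential stuffing, while many tries against a few usernames suggests brute forcing. The event tuple layout, thresholds, labels and sample log lines are all assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def classify_sources(events, window=timedelta(minutes=5), min_failures=8):
    """Label each source IP by the shape of its failed logins in a sliding window.

    events: iterable of (iso_timestamp, source_ip, username, success) tuples.
    Thresholds are illustrative assumptions, not values from the article.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, ok))
    verdicts = {}
    for ip, rows in by_ip.items():
        rows.sort()
        verdicts[ip] = "normal"
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # drop attempts older than the window
            failed = [user for _, user, ok in rows[start:end + 1] if not ok]
            if len(failed) < min_failures:
                continue
            distinct = len(set(failed))
            if distinct >= 0.8 * len(failed):
                # Leaked username/password pairs: about one try per account.
                verdicts[ip] = "credential_stuffing"
            elif distinct <= 0.2 * len(failed):
                # Many passwords cycled against the same few accounts.
                verdicts[ip] = "brute_force"
            else:
                verdicts[ip] = "suspicious"
            break
    return verdicts

def sample_events():
    """Constructed log lines (documentation IP ranges, example.com users)."""
    t0 = datetime(2025, 1, 1, 12, 0, 0)
    at = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    ev = [(at(5 * i), "203.0.113.10", f"user{i}@example.com", i == 11) for i in range(12)]
    ev += [(at(3 * i), "198.51.100.7", "alice@example.com", False) for i in range(10)]
    ev += [(at(600 * i), "192.0.2.99", f"u{i}@example.com", False) for i in range(10)]
    ev += [(at(0), "192.0.2.44", "bob@example.com", False),
           (at(20), "192.0.2.44", "bob@example.com", True)]
    return ev

if __name__ == "__main__":
    for ip, verdict in sorted(classify_sources(sample_events()).items()):
        print(ip, verdict)
```

The source at 192.0.2.99 in the sample stays "normal" because its failures are spaced ten minutes apart, which shows why per-IP windows alone miss slow or proxy-distributed attempts and need to be paired with the other controls listed above.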
