Atlantis AIO Automates Credential Stuffing Attacks Across 140+ Platforms

Researchers have uncovered a powerful weapon in the cybercriminal arsenal dubbed Atlantis AIO that enables attackers to test millions of stolen credentials in rapid succession. It also provides pre-configured modules to automate the targeting of specific services from email providers.

You can go into the weeds on this here: https://abnormalsecurity.com/blog/atlantis-aio-credential-stuffing-140-platforms

Darren James, Senior Product Manager at Specops Software, commented:

“Threat actors who use these tools are looking for username and password pairs that work on any of these targeted systems. They rely on the fact that many people re-use these credentials across multiple websites.

Consumer credentials are useful for specific account takeover, but usernames that are from the affected person's work account are often prized highly, as these accounts can be used to steal data or blackmail an entire organization rather than a single individual.

Organizations can protect themselves by using tools that continuously monitor business accounts for breached passwords, and Digital Risk Protection systems that look for these credential pairs, and can either warn you about your “risky” users or even force the user to change that compromised password.

The risk of having a password becoming compromised has increased over time with advice from various organizations being that password expiry dates should be removed. This advice, however, always comes with a caveat that the user’s password must be changed if it becomes compromised. However, without the additional tools I mentioned above, this is extremely difficult to detect until it’s too late.”

This is a perfect example of why password hygiene matters. By having good password hygiene, you make yourself less of a target. Thus, you should spend a weekend or two looking at all your passwords and making them as complex and unique as possible. Other tips on good password hygiene can be found here.
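
On the defender's side, the pattern described above (many username and password pairs tried in rapid succession) looks different in an authentication log from a single user mistyping a password. The following is an added example, not code from the original post or from any vendor named in it: it flags sources that hit many distinct usernames with few tries each inside a short window, and lists the accounts that logged in successfully during that window as candidates for a forced password change. The log format, thresholds, function names and sample lines are constructed, and grouping by source IP is a simplifying assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2025-03-26T10:00:01 203.0.113.7 alice FAIL
2025-03-26T10:00:02 203.0.113.7 bob FAIL
2025-03-26T10:00:03 203.0.113.7 carol FAIL
2025-03-26T10:00:04 203.0.113.7 dave OK
2025-03-26T10:00:05 203.0.113.7 erin FAIL
2025-03-26T10:00:06 203.0.113.7 frank FAIL
2025-03-26T10:00:10 198.51.100.4 grace FAIL
2025-03-26T10:00:12 198.51.100.4 grace FAIL
2025-03-26T10:00:14 198.51.100.4 grace FAIL
2025-03-26T10:00:16 198.51.100.4 grace FAIL
2025-03-26T10:00:18 198.51.100.4 grace FAIL
2025-03-26T10:00:20 198.51.100.4 grace OK
2025-03-26T10:03:00 192.0.2.10 heidi OK
"""

def parse(log):
    """Yield (timestamp, ip, user, succeeded) for each log line."""
    for line in log.strip().splitlines():
        ts, ip, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user, outcome == "OK"

def find_stuffing(log, window=timedelta(minutes=1), min_users=5, max_per_user=2):
    """Return {ip: (distinct_users, accounts_with_success)} for sources that,
    within one sliding window, tried at least min_users usernames with at most
    max_per_user attempts on any of them (stuffing, not one-account guessing)."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in parse(log):
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                      # slide the window forward
            win = events[start:end + 1]
            tries = defaultdict(int)
            for _, user, _ in win:
                tries[user] += 1
            if len(tries) >= min_users and max(tries.values()) <= max_per_user:
                if ip not in flagged or len(tries) > flagged[ip][0]:
                    hits = sorted({u for _, u, ok in win if ok})
                    flagged[ip] = (len(tries), hits)
    return flagged

if __name__ == "__main__":
    print(find_stuffing(SAMPLE_LOG))
```

The source that fails repeatedly against the single account grace is not flagged, because it never touches more than one username.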
