{"id":188378,"date":"2024-04-29T22:22:34","date_gmt":"2024-04-30T03:22:34","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2024\/04\/account-compromise-of-unprecedented-scale-uses-everyday-home-devices"},"modified":"2024-04-29T22:22:34","modified_gmt":"2024-04-30T03:22:34","slug":"account-compromise-of-unprecedented-scale-uses-everyday-home-devices","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2024\/04\/account-compromise-of-unprecedented-scale-uses-everyday-home-devices","title":{"rendered":"Account compromise of \u201cunprecedented scale\u201d uses everyday home devices"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/account-compromise-of-unprecedented-scale-uses-everyday-home-devices.jpg\"><\/a><\/p>\n<p>Authentication service Okta is warning about the \u201cunprecedented scale\u201d of an ongoing campaign that routes fraudulent login requests through the mobile devices and browsers of everyday users in an attempt to conceal the malicious behavior.<\/p>\n<p>The attack, Okta said, uses other means to camouflage the login attempts as well, including the TOR network and so-called proxy services from providers such as NSOCKS, Luminati, and DataImpulse, which can also harness users\u2019 devices without their knowledge. In some cases, the affected mobile devices are running malicious apps. In other cases, users have enrolled their devices in proxy services in exchange for various incentives.<\/p>\n<p>Unidentified adversaries then use these devices in credential-stuffing attacks, which use large lists of login credentials obtained from previous data breaches in an attempt to access online accounts. Because the requests come from IP addresses and devices with good reputations, network security devices don\u2019t give them the same level of scrutiny as logins from virtual private servers (VPS) that come from hosting services threat actors have used for years.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Authentication service Okta is warning about the \u201cunprecedented scale\u201d of an ongoing campaign that routes fraudulent login requests through the mobile devices and browsers of everyday users in an attempt to conceal the malicious behavior. The attack, Okta said, uses other means to camouflage the login attempts as well, including the TOR network and so-called [\u2026]<\/p>\n","protected":false},"author":396,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-188378","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/188378","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/396"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=188378"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/188378\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=188378"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=188378"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=188378"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}