RIPE NCC has disclosed a cyber-attack attempt against their single sign-on (SSO) service. They immediately issued a warning of possible credential-stuffing attack attempts and recommended that their users activate two-factor authentication (2FA). They need to disclose the hacking attempt because they are the regional internet registry for Europe, Western Asia and the former Soviet Union.
RIPE NCC is located in Amsterdam, acting as the regional internet registry for Europe, West Asia and the former Soviet Union. The attack that took place last weekend has caused some downtime to their infrastructure. Preliminary investigations have not yet revealed whether any SSO accounts were compromised. Nevertheless, users are urged to ensure that they are using 2FA across all their accounts to limit their exposure to such cyber-attacks.
What is a regional internet registry?
A regional internet registry is founded and appointed to manage the registration of internet numbers and addresses within various regions globally. This includes the registration of IPv4 and IPv6 numbers, the underlying networking technology that lets people, devices and workstations connect to the internet.
RIPE NCC is one of the five internet registries that provide the internet and web resource allocations and global registration services that support the internet worldwide. RIPE NCC has around 20,000 members from more than 75 countries, who can register internet number resources for allocation. They also handle the distribution and registration of the resources on a local level.
What is credential-stuffing?
Credential-stuffing is a cyber-attack in which a threat actor or hacker takes compromised account credentials and tries them against web applications and services in large-scale, automated login attempts. The aim of the cybercriminals is to gain unauthorized access to the resources of the account(s).
This kind of attack has been commonly used in recent years, causing companies such as The North Face, Dunkin Donuts and Spotify to force a password reset on impacted users. The best-known preventive measure against such unauthorized access to a compromised user’s resources is MFA (multi-factor authentication). The compromised credentials are usually sold on hacking forums and the dark web. Some are even given away by threat actors for free.
An essential lesson for everyone is that users must never reuse old passwords. Companies and organizations are urged to move towards multi-factor authentication as a security control for accessing resources from the internet, rather than relying on a password alone, to reduce the risk. Multi-factor authentication must also be made available to clients and customers to lower the chance of a cybercrime such as credential-stuffing being successful.
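The large-scale, automated login pattern described above leaves a recognisable trace in authentication logs: one source trying many different accounts in a short time, with most attempts failing. The following is an added example, not code from RIPE NCC or from the original article. The log fields, sample events and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: (timestamp, source IP, account, outcome).
# IPs are from documentation ranges; this is not real RIPE NCC data.
SAMPLE_EVENTS = (
    # One source cycling through many accounts within seconds, mostly failing.
    [(f"2024-01-06T10:00:{i:02d}", "203.0.113.7", f"user{i}", "fail") for i in range(8)]
    + [("2024-01-06T10:00:09", "203.0.113.7", "carol", "success"),
       # One user mistyping their own password: failures, but a single account.
       ("2024-01-06T10:01:00", "198.51.100.4", "dave", "fail"),
       ("2024-01-06T10:01:20", "198.51.100.4", "dave", "fail"),
       ("2024-01-06T10:01:40", "198.51.100.4", "dave", "success"),
       # Slow, successful logins from a shared address.
       ("2024-01-06T09:00:00", "192.0.2.10", "erin", "success"),
       ("2024-01-06T11:30:00", "192.0.2.10", "frank", "success")]
)


def detect_stuffing(events, window=timedelta(minutes=5), min_accounts=5, min_fail_ratio=0.8):
    """Flag IPs that try many distinct accounts inside `window` and mostly fail.

    Returns {ip: {"accounts": n, "fail_ratio": r, "succeeded": [accounts]}}.
    Thresholds are illustrative assumptions and need tuning per service.
    """
    by_ip = defaultdict(list)
    for ts, ip, account, outcome in events:
        by_ip[ip].append((datetime.fromisoformat(ts), account, outcome))

    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort(key=lambda r: r[0])
        start = 0
        for end in range(len(rows)):
            # Advance the window start until the span fits inside `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            accounts = {acct for _, acct, _ in span}
            ratio = sum(o == "fail" for _, _, o in span) / len(span)
            widest = flagged.get(ip, {"accounts": 0})["accounts"]
            if len(accounts) >= min_accounts and ratio >= min_fail_ratio and len(accounts) > widest:
                flagged[ip] = {"accounts": len(accounts), "fail_ratio": round(ratio, 2)}
        if ip in flagged:
            # Any success from a flagged source is a candidate for a forced reset.
            flagged[ip]["succeeded"] = sorted({a for _, a, o in rows if o == "success"})
    return flagged


if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_EVENTS))
```

The single user who mistypes a password and the slow traffic from a shared address are not flagged, while the account that logged in successfully from the flagged source is listed as a candidate for a password reset and 2FA enrolment.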