The Réseaux IP Européens Network Coordination Centre, or RIPE NCC, is a regional Internet registry serving countries in Europe, West Asia, and the former Soviet Union.
On February 18, RIPE NCC reported an attempted credential-stuffing attack against its single-sign-on service.
“Last weekend, RIPE NCC Access, our single sign-on (SSO) service was affected by what appears to be a deliberate ‘credential-stuffing’ attack, which caused some downtime. We mitigated the attack, and we are now taking steps to ensure that our services are better protected against such threats in the future,” RIPE NCC reported.
Although the company’s preliminary investigations did not reveal that any SSO accounts have been compromised, the company encouraged all its users to turn on two-factor authentication (2FA).
A regional Internet registry is an organization that manages the registration of Internet number resources. That includes IPv4 and IPv6 addresses and autonomous system numbers (ASNs) which are used to identify each network on the Internet. This is an important technology that makes it possible for people to connect their devices to the web.
In the world, there are five regional internet registries providing Internet resource allocations and registration services, and RIPE NCC is one of them.
In a credential-stuffing attack against RIPE NCC, “the data that could be exposed are internet sources such as IP addresses allocated to internet providers, hosting providers and organizations,” said Niamh Muldoon, a global data protection officer with OneLogin, in an interview with Threatpost.
Credential stuffing is an increasingly popular way for cyber-criminals to hijack the online accounts of Internet users. In this type of attack, a cybercriminal uses stolen account credentials and in large-scale, automated login attempts, tries to find the right combination of login and password to get access to a website or service.
According to F5’s 2021 Credential Stuffing Report, although the annual volume of stolen credentials has mostly declined between 2016 and 2020, the number of attacks resulting in large-scale credential theft almost doubled.
Cybercriminals usually manage to steal credentials when users reuse the same credentials in multiple online accounts or do not turn on 2FA.