Article Details
Scrape Timestamp (UTC): 2025-03-26 17:47:59.719
Original Article Text
New 'Atlantis AIO' automates credential stuffing on 140 services
A new cybercrime platform named 'Atlantis AIO' provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs.
Specifically, Atlantis AIO features pre-configured modules for these services to perform brute force attacks, bypass CAPTCHAs, automate account recovery processes, and monetize stolen credentials/accounts.
Credential stuffing and automation
Credential stuffing is a type of cyberattack where threat actors try out a list of credentials (usernames + passwords) they stole or sourced from leaked data breaches against platforms hoping to gain access to accounts.
If the credentials match and the account isn't protected by multi-factor authentication, they can hijack it, lock the legitimate owner out, and then abuse or resell the account to others.
This type of attack is popular and widespread, with large credential-stuffing attacks occurring daily. Over the years, these attacks have impacted brands and services like Okta, Roku, Chick-fil-A, Hot Topic, PayPal, Pet Smart, and 23andMe.
Threat actors commonly conduct credential stuffing attacks using free tools, like Open Bullet 2 and SilverBullet, along with premade "configs" that are shared on cybercrime forums.
Credential Stuffing as a Service
Atlantis AIO is a new Credential Stuffing as a Service (CSaaS) platform that allows cybercriminals to pay for a membership and automate these types of attacks.
The cybercrime service Atlantis AIO was discovered by Abnormal Security, which reports it is capable of targeting over 140 online services worldwide. The targeted services include Hotmail, AOL, Mail.ru, Mail.com, Gmx, Wingstop, Buffalo Wild Wings, and Safeway.
Atlantis AIO is a modular tool that gives attackers the option to launch tailored attacks, with its three main modules being:
Once the cybercriminals obtain access to accounts, they often sell them in bulk, listing hundreds or even thousands of compromised accounts for sale on underground forums. Other threat actors create shops where they sell stolen accounts for as little as $0.50 per account.
Defending against credential stuffing
Credential stuffing attacks can be thwarted if you use strong, unique passwords and multi-factor authentication at every site where you have an account.
Multi-factor authentication is critical, as even if credentials are compromised, threat actors won't be able to log in without also stealing the MFA information.
If you receive reports from online services about unusual logins from strange locations or unexpected password reset emails, you should immediately investigate whether your credentials were compromised.
Websites can help stop these attacks by implementing rate limiting and IP throttling, using advanced CAPTCHA puzzles, and monitoring for suspicious behavior patterns.
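The server-side defenses named above (rate limiting, IP throttling, monitoring for suspicious behavior patterns) depend on telling a stuffing run apart from ordinary login traffic. The following Python code is an added example, not part of the original article: it flags source IPs that try many distinct accounts with a high failure ratio inside a sliding window, then lists accounts that logged in successfully from a flagged IP. The log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed sliding window per source IP
MAX_DISTINCT_USERS = 5         # assumed: distinct accounts tried per window
MIN_FAILURE_RATIO = 0.8        # assumed: stuffing runs mostly fail

# Constructed sample log: timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2025-03-26T10:00:01 203.0.113.7 alice FAIL
2025-03-26T10:00:02 203.0.113.7 bob FAIL
2025-03-26T10:00:03 192.0.2.50 ivan OK
2025-03-26T10:00:04 203.0.113.7 carol FAIL
2025-03-26T10:00:05 198.51.100.20 heidi FAIL
2025-03-26T10:00:06 203.0.113.7 dave FAIL
2025-03-26T10:00:07 192.0.2.50 judy OK
2025-03-26T10:00:08 203.0.113.7 erin FAIL
2025-03-26T10:00:09 198.51.100.20 heidi OK
2025-03-26T10:00:10 203.0.113.7 frank OK
2025-03-26T10:00:11 192.0.2.50 ken OK
2025-03-26T10:00:12 192.0.2.50 lena OK
2025-03-26T10:00:13 192.0.2.50 mike OK
""".splitlines()

def parse(line):
    ts, ip, user, outcome = line.split()
    return datetime.fromisoformat(ts), ip, user, outcome == "OK"

def detect_stuffing(lines):
    """Return {ip: timestamp at which the IP first crossed both thresholds}."""
    recent = defaultdict(deque)  # ip -> events (ts, user, ok) inside WINDOW
    flagged = {}
    for line in lines:
        ts, ip, user, ok = parse(line)
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > WINDOW:  # drop events older than the window
            q.popleft()
        users = {u for _, u, _ in q}
        failure_ratio = sum(not o for _, _, o in q) / len(q)
        # Many accounts AND mostly failures: a shared NAT with many valid
        # logins (192.0.2.50) or one user mistyping (198.51.100.20) stays clear.
        if len(users) >= MAX_DISTINCT_USERS and failure_ratio >= MIN_FAILURE_RATIO:
            flagged.setdefault(ip, ts)
    return flagged

def compromised_accounts(lines, flagged):
    """Accounts with a successful login from a flagged IP (candidates for forced reset)."""
    events = (parse(line) for line in lines)
    return sorted({user for _, ip, user, ok in events if ok and ip in flagged})
```

A flagged IP is the input to throttling or a CAPTCHA challenge; the accounts returned by `compromised_accounts` are the ones whose leaked password evidently worked and need a reset and session revocation.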
Daily Brief Summary
A new cybercrime platform, Atlantis AIO, is facilitating credential stuffing attacks on 140 online services, including major banks, email providers, and e-commerce websites.
Atlantis AIO automates brute force attacks, CAPTCHA circumvention, account recovery exploitation, and monetization of stolen accounts through pre-configured modules.
Credential stuffing involves using stolen usernames and passwords to access and hijack accounts that lack multi-factor authentication.
The platform is identified as a Credential Stuffing as a Service (CSaaS), allowing cybercriminals to pay for automated attacks.
Commonly attacked brands in the past include Okta, Roku, Chick-fil-A, and PayPal, among others.
The compromised accounts are often sold in bulk on underground forums, with prices as low as $0.50 per account.
Effective countermeasures include using strong, unique passwords and multi-factor authentication, alongside technological measures like rate limiting and advanced CAPTCHAs.