Internet Registry RIPE NCC Warns of Credential Stuffing Attack

One of the world’s five internet registries yesterday warned users that it suffered a failed credential stuffing attack.

RIPE NCC is the regional internet registry (RIR) for Europe, West Asia and the former Soviet Union.

It claimed in an update yesterday that its single sign-on (SSO) service was affected by an attempt to crack open accounts, causing some downtime.

“We mitigated the attack, and we are now taking steps to ensure that our services are better protected against such threats in the future,” it noted.

“Our preliminary investigations do not indicate that any SSO accounts have been compromised. If we do find that an account has been affected in the course of our investigations, we will contact the account holder individually to inform them.”

The registry is asking all account holders to enable two-factor authentication if they’ve not already done so, and recommended the same for all internet accounts.

It remains to be seen what the attackers were after. Credential stuffing is an increasingly popular way for cyber-criminals to hijack the online accounts of internet users, but it tends to be focused on consumer-facing businesses.

A 2020 report from Akamai claimed that 60% of credential stuffing attacks detected over the previous two years were targeted at retail, travel and hospitality businesses, with the vast majority (90%+) of these related to retail brands.

As long as enterprise security is found wanting, such attackers will have a readymade supply of credentials to use in these automated raids.

A report from F5 earlier this month revealed that the number of attacks resulting in large-scale credential theft almost doubled over the past four years.

Although brands are often loathe to enforce 2FA for fear that it adds too much customer friction to the login process, organizations like RIPE NCC would benefit from enforcing it by default.