[BreachExchange] RIPE NCC Internet Registry discloses SSO credential stuffing attack

Destry Winant destry at riskbasedsecurity.com
Mon Feb 22 10:20:00 EST 2021


https://www.bleepingcomputer.com/news/security/ripe-ncc-internet-registry-discloses-sso-credential-stuffing-attack/

 RIPE NCC is warning members that they suffered a credential stuffing
attack attempting to gain access to single sign-on (SSO) accounts.

RIPE NCC is a not-for-profit regional Internet registry for Europe,
the Middle East, and parts of Central Asia. It is responsible for
allocating blocks of IP addresses to Internet providers, hosting
providers, and organizations in the EMEA region.

Membership includes over 20,000 organizations from over 75 countries
who act as Local Internet Registries (LIRs) to assign IP address space
to other organizations in their own country.

RIPE NCC hit by a credential stuffing attack

RIPE disclosed today that they suffered a credential stuff attack over
the weekend targeting their single sign-on (SSO) service. This SSO
service is used to login to all RIPE sites, including My LIR,
Resources, RIPE Database, RIPE Labs, RIPEstat, RIPE Atlas, and the
RIPE Meeting websites.

"Last weekend, RIPE NCC Access, our single sign-on (SSO) service was
affected by what appears to be a deliberate ‘credential-stuffing’
attack, which caused some downtime.

"We mitigated the attack, and we are now taking steps to ensure that
our services are better protected against such threats in the future,"
RIPE NCC disclosed today in an announcement on their website.

RIPE states that their investigation does not indicate that any of
their accounts have been compromised, but they will immediately
contact the account holders if any are found.

The RIPE NCC SSO service offers two-factor authentication, which
members can enable on their profile page. RIPE urges all users to
enable two-factor authentication on their Access accounts to prevent
compromise in future credential-stuffing attacks.

RIPE asks any users who detect suspicious activity on their account to
contact them immediately.

It is also recommended to use a different password at every site you
frequent to prevent leaked credentials from being used in credential
stuffing attacks at other websites.


More information about the BreachExchange mailing list