Current characteristics:
Relatively low-volume password spray (2-4 million requests/24hr)
Using a res proxy to spread attack across millions of IPs around the world
1 request per IP
Requests against a user ID are spread across hours or days
Even with unknown user IDs, seeing just shy of a 50% success rate on user ID guessing.
Just over .02% success rate overall...after over a year of attack/attrition
No changes to compromised accounts - just after access
This AI attack represents a first-of-its kind in the world -- weaponized AI is actively driving this attack...on a global scale.
Currently, first-level targets are 1FA protected accounts for large suppliers (millions of users). Compromised accounts are used to go after 2FA accounts that are linked to them. Lather, rinse, repeat...wipe hands on pants.
Cybersecurity tip of the day: 2FA is no longer enough if your 2FA uses an email account for the OTP -- you need the entire chain to be 2FA and at some point for there to be a true out-of-band channel (mobile, passkey, hard token, etc.)
The AI-driven attack I'm tracking is a mass compromise of email, starting with 1FA accounts and using that to move on to 2FA accounts.
Hacker (ethical kind), recovered-ninja, blacksmith, geek, serial kilter.
That about covers it.