Nikto  

Cybersecurity tip of the day: 2FA is no longer enough if your 2FA uses an email account for the OTP -- you need the entire chain to be 2FA and at some point for there to be a true out-of-band channel (mobile, passkey, hard token, etc.)

The AI-driven attack I'm tracking is a mass compromise of email, starting with 1FA accounts and using that to move on to 2FA accounts.

1+
Nikto
Follow

Current characteristics:

Relatively low-volume password spray (2-4 million requests/24hr)

Using a res proxy to spread attack across millions of IPs around the world

1 request per IP

Requests against a user ID are spread across hours or days

Even with unknown user IDs, seeing just shy of a 50% success rate on user ID guessing.

Just over .02% success rate overall...after over a year of attack/attrition

No changes to compromised accounts - just after access

· 0· 0· 0
Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.

Resources

Developers

What is CounterSocial?

Created by potrace 1.15, written by Peter Selinger 2001-2017

counter.social

More…