Credential stuffing attack on JumpCloud
Set up the JumpCloud integration.
Goal
Detect an account takeover (ATO) through a credential stuffing attack against a JumpCloud account.
Strategy
To determine a successful attempt: Detect a high number of failed logins for at least seven unique users and at least one successful login for a user, all from the same IP address within a period of time.
To determine an unsuccessful attempt: Detect a high number of failed logins for at least seven unique users from the same IP address within a period of time, with no successful login.
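The strategy above, as an added example that is not the rule's own query: a sliding window per source IP over constructed login events. The failed-login threshold, the window length, and the simplified event field names are assumptions; only the seven-unique-user figure comes from this page.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MIN_UNIQUE_USERS = 7            # from the rule's strategy
MIN_FAILED_LOGINS = 10          # assumption: the page only says "high number"
WINDOW = timedelta(minutes=5)   # assumption: the page only says "a period of time"

def sample_events():
    """Constructed login events; field names are simplified, not JumpCloud's schema."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    def ev(sec, ip, user, ok):
        return {"ts": t0 + timedelta(seconds=sec), "ip": ip, "user": user, "success": ok}
    # Many users failing from one IP, then one of them logs in.
    events = [ev(10 * i, "203.0.113.10", f"user{i % 8}", False) for i in range(12)]
    events.append(ev(125, "203.0.113.10", "user3", True))
    # Many users failing from one IP, no login succeeds.
    events += [ev(5 * i, "198.51.100.7", f"acct{i}", False) for i in range(10)]
    # A single user retrying a forgotten password: should not match.
    events += [ev(3 * i, "192.0.2.44", "alice", False) for i in range(12)]
    events.append(ev(40, "192.0.2.44", "alice", True))
    return events

def classify(events):
    """Map each matching source IP to a verdict and the users that logged in."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["ip"]].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Shrink the window until it spans at most WINDOW.
            while evs[end]["ts"] - evs[start]["ts"] > WINDOW:
                start += 1
            window = evs[start:end + 1]
            failed = [e for e in window if not e["success"]]
            if (len(failed) < MIN_FAILED_LOGINS
                    or len({e["user"] for e in failed}) < MIN_UNIQUE_USERS):
                continue
            compromised = sorted({e["user"] for e in window if e["success"]})
            findings[ip] = {"verdict": "successful" if compromised else "unsuccessful",
                            "compromised_users": compromised}
            if compromised:
                break  # a successful verdict is final for this IP
    return findings

if __name__ == "__main__":
    for ip, finding in classify(sample_events()).items():
        print(ip, finding)
```

The `compromised_users` list is the starting point for the triage steps: those accounts logged in from an IP that was also failing logins across many other users.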
Triage and response
- Determine if it is a legitimate attack or a false positive.
- Determine compromised users.
- Remediate compromised user accounts.