Credential stuffing attack on Jumpcloud

jumpcloud

Classification:

attack

Tactic:

TA0006-credential-access

Technique:

T1110-brute-force

Set up the jumpcloud integration.

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Goal

Detect an account take over (ATO) through credential stuffing attack against a Jumpcloud account.

Strategy

To determine a successful attempt: Detect a high number of failed logins from at least seven unique users and at least one successful login for a user within a period of time from the same IP address.

To determine an unsuccessful attempt: Detect a high number of failed logins from at least seven unique users within a period of time from the same IP address.

Triage and response

  1. Determine if it is a legitimate attack or a false positive.
  2. Determine compromised users.
  3. Remediate compromised user accounts.