For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/default_rules/g6h-rq4-3y9.md. A documentation index is available at /llms.txt.

Credential stuffing attack on JumpCloud

jumpcloud

Classification:

attack

Tactic:

TA0006-credential-access

Technique:

T1110-brute-force

Goal

Detect an account take over (ATO) through credential stuffing attack against a JumpCloud account.

Strategy

To determine a successful attempt: Detect a high number of failed logins from at least seven unique users and at least one successful login for a user within a period of time from the same IP address.

To determine an unsuccessful attempt: Detect a high number of failed logins from at least seven unique users within a period of time from the same IP address.

Triage and response

  1. Determine if it is a legitimate attack or a false positive.
  2. Determine compromised users.
  3. Remediate compromised user accounts.