How to Block Residential Proxies using Okta
Summary: Every customer using the Workforce Identity Cloud and Customer Identity Solution can now block access requests originating from residential proxies prior to authentication.
Over the last month, Okta has observed an increase in the frequency and scale of credential stuffing attacks targeting online services, facilitated by the broad availability of residential proxy services, lists of previously stolen credentials (“combo lists”), and scripting tools.
In credential stuffing attacks, adversaries attempt to sign-in to online services using large lists of usernames and passwords obtained from previous data breaches of unrelated entities, or from phishing or malware campaigns.
All recent attacks we have observed share one feature in common: they rely on requests being routed through anonymizing services such as TOR. Millions of the requests were also routed through a variety of residential proxies including NSOCKS, Luminati and DataImpulse.
Residential Proxies are networks of legitimate user devices that route traffic on behalf of a paid subscriber. Providers of residential proxies effectively rent access to route authentication requests through the computer, smartphone or router of a real user, and proxy traffic through the IP of these devices to anonymize the source of the traffic.
