Don’t say you weren’t warned. The threat from infostealer malware has been made pretty clear: billions of passwords are reported compromised, 85 million of the newest are being used in ongoing attacks, and even two-factor authentication in isolation might not be enough to save you, as hackers use session cookies to bypass 2FA code protections. That threat has just been amplified by a report revealing how an automatic hacking machine called Atlantis AIO is using millions of stolen passwords to gain access to email, VPN, streaming services and even food delivery accounts.

Atlantis AIO: An Automatic Hacking Machine Using Stolen Passwords By The Million

Credential stuffing is not new; let’s make that clear right from the start. However, it is a very dangerous attack methodology and is becoming increasingly so. Attackers are always looking to develop new tools that can help them carry out their attacks, as I reported March 15 after leaked Black Basta ransomware group internal chat logs revealed how it was using an automated brute-force attack framework. As both the brute-force and credential stuffing terms suggest, these attacks essentially hammer an account with as many username and password combinations as possible in the hope that one will be correct and gain entry. OK, so that’s the simplified explanation, but by using lists of stolen or compromised credentials readily available from dark web marketplaces and in various criminal forums, it’s possible for hackers to access other accounts that share the same passwords.

A March 25 threat intelligence report from Abnormal Security has sounded the alarm about an automatic hacking machine, known as Atlantis AIO, that can take these millions of stolen passwords and use them in just such credential stuffing attacks.

“Atlantis AIO has emerged as a powerful weapon in the cybercriminal arsenal,” Abnormal Security analysts said, “enabling attackers to test millions of stolen credentials in rapid succession.” Where Atlantis excels, however, is in providing pre-configured modules to automate the targeting of specific services, from email providers such as Hotmail, Yahoo, AOL, GMX, and Web.de, to streaming services, VPNs, financial institutions, and even food delivery services. In fact, the report revealed the Atlantis AIO hacking machine can be aimed at more than 140 different platforms.

Atlantis AIO Quickly Tests Stolen Passwords At Scale

“By offering pre-configured modules for targeting a range of platforms and cloud-based services,” the threat intel report warned, “it allows cybercriminals to launch credential stuffing attacks at scale with minimal effort.” The secret to the success of this automatic hacking machine is its modular approach. This can be demonstrated across three areas.

  • Specialized modules for email attacks that enable hackers to rapidly probe accounts for popular platforms. But as well as just probing with those stolen passwords, Atlantis AIO has an inbox takeover feature that allows a hacker to control the account for further malicious purposes.
  • Brute-force attack modules allow for the rapid cycling of commonly used or weak username and password combinations to quickly gain access to accounts with poor protection, even if the password hasn’t been compromised per se.
  • Recovery modules targeting various services to enable CAPTCHA and similar security protections to be bypassed. An auto-doxer recovery feature even automates the account recovery process to streamline the account takeover and make it much easier to execute large-scale attacks.

The use of a password manager to ensure unique and strong passwords for every account, along with two-factor authentication for all your accounts, can help mitigate this kind of attack. Don’t share your passwords between accounts: that is the most pertinent advice, so follow it.
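For teams running a login service, the two attack shapes described above leave different traces in authentication logs: credential stuffing tries many accounts a few times each, while brute-forcing hammers a few accounts many times. The following is an added example, not taken from the Abnormal Security report; the event format, sample data and thresholds are constructed assumptions, and grouping by source IP alone will miss attempts spread across many addresses.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, success). Not real data.
SAMPLE_EVENTS = (
    # many accounts, one try each, a single hit
    [("203.0.113.10", f"user{i}@example.com", i == 7) for i in range(40)]
    # one account, many tries
    + [("198.51.100.5", "admin@example.com", False) for _ in range(30)]
    # a legitimate user mistyping once
    + [("192.0.2.44", "alice@example.com", False),
       ("192.0.2.44", "alice@example.com", True)]
)

def classify_sources(events, min_attempts=20, max_success_rate=0.1):
    """Label each source IP by the shape of its login attempts.

    Thresholds are illustrative assumptions and need tuning per service.
    """
    per_ip = defaultdict(lambda: {"attempts": 0, "ok": 0, "users": set()})
    for ip, user, success in events:
        stats = per_ip[ip]
        stats["attempts"] += 1
        stats["ok"] += int(success)
        stats["users"].add(user)

    verdicts = {}
    for ip, stats in per_ip.items():
        success_rate = stats["ok"] / stats["attempts"]
        tries_per_user = stats["attempts"] / len(stats["users"])
        if stats["attempts"] < min_attempts or success_rate > max_success_rate:
            verdicts[ip] = "normal"
        elif tries_per_user <= 2:
            # Wide and shallow: a credential list replayed across accounts.
            verdicts[ip] = "credential_stuffing"
        else:
            # Narrow and deep: repeated guesses against the same accounts.
            verdicts[ip] = "brute_force"
    return verdicts

def accounts_to_reset(events, verdicts):
    """Accounts that a flagged source logged in to successfully."""
    return sorted({user for ip, user, ok in events
                   if ok and verdicts.get(ip, "normal") != "normal"})

if __name__ == "__main__":
    verdicts = classify_sources(SAMPLE_EVENTS)
    print(verdicts)
    print(accounts_to_reset(SAMPLE_EVENTS, verdicts))
```

Any account returned by `accounts_to_reset` had a valid password presented by a flagged source, so it is a candidate for a forced password reset and session revocation.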
