19 February 2021

RIPE NCC asks its members to enable 2FA following credential-stuffing attack


RIPE NCC asks its members to enable 2FA following credential-stuffing attack

RIPE NCC, a regional Internet registry (RIR) for Europe, the Middle East and parts of Central Asia, has revealed it was hit by a “deliberate credential-stuffing attack’ attempting to gain access to single sign-on (SSO) accounts.

The RIPE NCC supports the technical and administrative coordination of the infrastructure of the Internet. It is a not-for-profit membership organization with over 20,000 members located in over 76 countries, they are mostly Internet service providers, telecommunication organizations and other companies that manage their own network infrastructure.

“Last weekend, RIPE NCC Access, our single sign-on (SSO) service was affected by what appears to be a deliberate ‘credential-stuffing’ attack, which caused some downtime,” the organization said in a message posted on its website.

The agency added that it managed to thwart the attack and that it has no evidence that any SSO accounts have been compromised. However, the RIPE NCC now asks its members to turn on two-factor authentication on their SSO accounts.

“We would like to ask you to enable two-factor authentication on your RIPE NCC Access account if you have not already done so to ensure that your account is secure. In general, using two-factor authentication across all your accounts can help limit your exposure to such attacks,” the internet registry said.

Back to the list

Latest Posts

Researchers discover connection between SunCrypt and QNAPCrypt ransomware

Researchers discover connection between SunCrypt and QNAPCrypt ransomware

SunCrypt may be an updated version of the QNAPCrypt ransomware.
4 March 2021
Cybersecurity firm Qualys appears to be the latest victim of Accellion FTA zero-day attacks

Cybersecurity firm Qualys appears to be the latest victim of Accellion FTA zero-day attacks

The cybercriminals behind the Clop ransomware operation have posted screenshots of files allegedly stolen from Qualys on their leak site.
4 March 2021
CISA orders federal agencies to ‘immediately’ patch Exchange flaws exploited by hackers

CISA orders federal agencies to ‘immediately’ patch Exchange flaws exploited by hackers

Several APT groups are exploiting "at least" the CVE-2021-26855 Microsoft Exchange Server vulnerability as part of ongoing attacks, ESET says.
4 March 2021