Tales From the Road: Minimize Third-Party Software Security Risks

How to Prevent Credential Stuffing with IPv6 Protocol Security

Third-party software security risks are created when third-party vendor products lack security, giving attackers wide open access to your organization’s networks and databases.

When a vendor has access to your network, including customer and corporate information, your own company’s security doesn’t cover all the gaps, so vetting your vendors before partnering up is critical. Our restaurant-industry client found this risk out the hard way following a breach of its customer loyalty program software.

Spoiler Alert: There is something you can do to protect your organization from the inside out and prevent attacks such as credential stuffing: tighten up your IPv6 protocol security. Keep reading to learn how.

Not My Order: A Classic Case of Credential Stuffing

Our client, who operates franchised and corporate-owned full-service restaurants, had adopted third-party identity management software to run its customer loyalty program. When customers began contacting the restaurant to notify them of erroneous logins and mobile orders, the company was able to identify the issue as a credential stuffing breach of the third-party software.

What is credential stuffing? Credential stuffing is an attack tactic in which bad actors obtain usernames and then try passwords against them. It is related to brute force attacks, which attempt to guess passwords with no context or clues, using characters at random and sometimes combining common password suggestions. Credential stuffing, by contrast, uses exposed data, which dramatically reduces the number of possible correct answers.

Incident Response: DirectDefense to the Rescue

DirectDefense got the call to help with conducting an incident response to remediate the credential stuffing breach. At this point, the number of impacted customers had climbed from 130 to 273, with others likely affected but still unaware. Due to gaps in the company’s PCI compliance, it was also not immediately clear if credit card data had been compromised as well.

In conjunction with the company’s decision to switch its customer loyalty software system to another third-party vendor, we were able to monitor the system for any lateral movement, which would indicate the credential stuffing attack had successfully granted the attackers access to the network.

Our incident response efforts were greatly hampered by the lack of cooperation from the third-party vendor, which refused to conduct testing and contact customers for password resets. Without cooperation, and with the continued siloing of security responsibilities between the two companies, it was difficult to conduct an effective incident response in short order.

How to Prevent Credential Stuffing: Architect a Plan for IPv6

The answer to how to prevent credential stuffing lies in your IPv6 plan. Because of our client’s improper implementation of the IPv6 protocol, the system crashed when rate limiting was applied, creating additional roadblocks to remediation and further widening the threat surface during an active attack.

So how can you prevent a credential stuffing attack from taking you down? The best thing you can do is revamp your existing network. Clean up, throw out, and upgrade your outdated and outmoded features so you have a clean and uncluttered runway for implementing IPv6.

Follow these quick tips to get started:

  • Implement gradually to allow time for ensuring IPv6 will function with your existing IPv4 infrastructure.
  • Opt for dual-stack mode to ensure applications not yet functional with IPv6 will be supported.
  • Inspect all tunnel traffic and IPv6 traffic (including that within the IPv4 packets) before permitting it to enter or exit your system.
  • Be wary of attackers, as malicious actors are already infiltrating IPv6.
  • Upgrade to a certified firewall.
  • Require authentication to reduce the threat of unauthorized parties.
  • Know the differences between IPv4 and IPv6 syntax so you can more quickly deal with a security breach or implement necessary security measures.
  • Shut IPv6 capabilities off when not in use.
  • Know how to “kill” unwanted IPv6 visitors if they happen to stop by. Knowing the syntax and creating traffic filters and firewalls can help.
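The rate limiting mentioned above and the tips on dual-stack mode and IPv4/IPv6 syntax meet in one place: the key a failed-login rate limiter counts against. The following Python is an added example, not code from the client, the vendor, or DirectDefense; the window, the threshold, the /64 aggregation, and all names are assumptions.

```python
import ipaddress
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed sliding window
MAX_FAILURES = 5      # assumed failed-login budget per key per window
V6_PREFIX_LEN = 64    # assumed: treat one IPv6 /64 as one client


def rate_limit_key(raw_addr: str) -> str:
    """Normalize a client address (no port) seen on a dual-stack listener."""
    # Accept bracketed and zone-scoped forms such as "[fe80::1%eth0]".
    cleaned = raw_addr.strip().strip("[]").split("%", 1)[0]
    addr = ipaddress.ip_address(cleaned)  # raises ValueError on bad input
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:203.0.113.7 -> 203.0.113.7
    if addr.version == 4:
        return str(addr)
    # A per-address limit does little on IPv6, where one client can hold a
    # whole /64, so the prefix is counted as a single client.
    return str(ipaddress.IPv6Network((addr, V6_PREFIX_LEN), strict=False))


class FailedLoginLimiter:
    def __init__(self):
        self._failures = defaultdict(deque)  # key -> failure timestamps

    def record_failure(self, raw_addr, now=None):
        """Record a failed login; return True if the client should be throttled."""
        now = time.monotonic() if now is None else now
        try:
            key = rate_limit_key(raw_addr)
        except ValueError:
            key = "unparseable"  # one shared bucket; bad input never crashes
        q = self._failures[key]
        q.append(now)
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()
        return len(q) > MAX_FAILURES


if __name__ == "__main__":
    # Constructed sample addresses from documentation ranges.
    limiter = FailedLoginLimiter()
    for i in range(1, 8):
        src = f"2001:db8:1:2::{i:x}"
        print(src, rate_limit_key(src), limiter.record_failure(src, now=float(i)))
```

The IPv4-mapped branch keeps a client from getting two separate budgets depending on whether its IPv4 address shows up as `203.0.113.7` or `::ffff:203.0.113.7` on a dual-stack socket.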

Don’t Let Third-Party Software Bring You Down

IPv6 presents new ways for attackers to compromise your network, and understanding how to properly secure, use, and address breaches within the protocol is critical to preventing vulnerabilities.

By being smart about IPv6 implementation and being mindful of third-party vendor security, you can help prevent a credential stuffing attack.

Contact Us Today!

We’ll help you develop an incident response plan so you can take on security threats or attacks as a unified front. Contact us today.

