RIPE NCC Reveals Failed Brute-Force Assault on Its SSO Service
The Group Announced That It Suffered a Credential-Stuffing Attack Against Its Infrastructure.
- Failed credential-stuffing attack on RIPE NCC’s infrastructure.
- These assaults aim to compromise a large number of user accounts with stolen credentials.
- The group, which manages the IP address space for the EMEA region, is asking members to enable 2FA for their accounts.
RIPE NCC, the organization that manages and assigns IPv4 and IPv6 addresses for EMEA, has disclosed a failed cyber-attack against its infrastructure, notes Catalin Cimpanu. The group released an official statement divulging that their “single sign-on (SSO) service was affected by what appears to be a deliberate ‘credential-stuffing’ attack, which caused some downtime.” They’ve successfully mitigated the attack, and are now taking steps to ensure that their services are better protected against such threats in the future.
Founded in 1992, RIPE NCC has since overseen the distribution of Internet number resources (IPv4 and IPv6 addresses, as well as autonomous system numbers) to data centers, web hosting firms, telcos, and Internet service providers within the EMEA region.
You can imagine why a compromise of any RIPE NCC account would spell serious trouble for both RIPE and account holders – a successful credential-stuffing attack could permit hackers to reassign Internet resources to third parties. This was the case with the AFRINIC WHOIS database, when over 4.1 million IP addresses belonging to African companies were stolen and inappropriately used, according to an AFRINIC investigation.
Since IPv4 addresses are in high demand all over the world, it is no wonder that a flourishing black market has taken shape over the previous decade. This market is driven by hijacked IPv4 address blocks, and its most frequent customers are malware gangs that rent access to hijacked IPv4 address space so they can send spam and skirt spam blocklists.
As for RIPE NCC, they officially ran out of IPv4 addresses back in November 2019, which explains why threat actors are targeting member accounts with the purpose of hijacking existing address pools.
In response to the attack, RIPE is asking all its members to enable two-factor authentication for their Access accounts to limit their exposure to credential-stuffing assaults.

As thoroughly detailed in our credential stuffing guide, these types of cyberattacks attempt to compromise a large number of user accounts with stolen credentials. Over 80% of companies worldwide admit it is difficult to detect, fix, or remediate credential stuffing attacks, and these attacks result in millions of dollars a year in costs per company.
While there is no perfect method that can 100% prevent credential stuffing attacks, the 6 methods we have discussed in our guide above are considered the most effective in identifying, preventing, and mitigating the effects of credential stuffing.
The most effective strategy, however, is to have an effective bot detection and mitigation solution that can detect the credential stuffing attempt in real-time. I don’t need to repeat how important it is to have multiple layers of security on all the devices you use. You need both an antivirus solution and a shield on top of it, like our Threat Prevention security suite and Heimdal™ Threat Prevention products. We at Heimdal™ urge our users to always keep their apps and programs up to date, as updates include both security and feature patches and will improve the software programs used. Our Heimdal™ Free automatic software updater is also highly recommended to improve your security.