What Is an Account Takeover?
Exactly what it says on the label: an account takeover or ATO is when an account that is used to access company or personal resources is hijacked and taken under the control of a hacker. The credentials used to authenticate to the account are the same ones used by the legitimate user. This makes it hard to tell who is real and who is malicious at the point of login. With many cyber-breaches exposing login credentials, and with the success of phishing emails stealing credentials, it doesn’t take a Ph.D. in cybersecurity to work out that account takeover is a natural next step.
And the statistics show this to be the case. Account takeover is a serious issue and one which is increasing. According to Javelin Strategy, account takeover tripled in 2017, with losses of $5.1 billion.
What Happens When an Account is Subject to an Account Takeover?
The journey to an account takeover usually starts with a phishing email and/or accidentally or maliciously exposed login credentials. In the case of an organizational account takeover, the cybercriminal often takes advantage of employees, essentially turning them into an inadvertent insider threat to a company — exposing credentials for accounts as they go.
In the case of an ATO that uses exposed credentials available through sources like the Dark Web, a web of automated bots is used to “try out” the credentials against ecommerce sites to find a fit. This was the case in the FitBit account takeover attack of 2015. Here, fraudsters used a two-pronged attack: exposed credentials were used to log in to a customer’s FitBit account and change the email on the account, then the fraudster called customer support with a complaint and obtained a replacement under warranty. Scams like this (Read more...)
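As an added example (not code from the original post), the two signals just described, one source trying many different accounts and an email change shortly after a login from an address the account has never used, can be checked over login and profile-change events. The event format, the sample events and the thresholds are assumptions made for this illustration:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). One source tries several accounts
# in quick succession, gets into "carol", and changes the account email.
EVENTS = [
    {"ts": "2019-03-01T10:00:00", "ip": "203.0.113.7", "user": "alice", "action": "login", "ok": False},
    {"ts": "2019-03-01T10:00:01", "ip": "203.0.113.7", "user": "bob", "action": "login", "ok": False},
    {"ts": "2019-03-01T10:00:02", "ip": "203.0.113.7", "user": "carol", "action": "login", "ok": True},
    {"ts": "2019-03-01T10:00:03", "ip": "203.0.113.7", "user": "dave", "action": "login", "ok": False},
    {"ts": "2019-03-01T10:05:00", "ip": "203.0.113.7", "user": "carol", "action": "email_change", "ok": True},
    {"ts": "2019-03-01T09:00:00", "ip": "198.51.100.4", "user": "carol", "action": "login", "ok": True},
    {"ts": "2019-03-01T11:00:00", "ip": "198.51.100.4", "user": "erin", "action": "login", "ok": True},
]

def parse(ts):
    return datetime.fromisoformat(ts)

def stuffing_sources(events, min_users=3, window=timedelta(minutes=10)):
    """IPs that attempt logins for at least `min_users` distinct accounts within `window`."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["action"] == "login":
            by_ip[e["ip"]].append((parse(e["ts"]), e["user"]))
    flagged = set()
    for ip, attempts in by_ip.items():
        for i, (t0, _) in enumerate(attempts):
            users = {u for t, u in attempts[i:] if t - t0 <= window}
            if len(users) >= min_users:
                flagged.add(ip)
                break
    return flagged

def suspicious_email_changes(events, window=timedelta(hours=1)):
    """Accounts whose email is changed within `window` of a successful login from an IP not seen on that account before."""
    known_ips = defaultdict(set)   # user -> IPs seen on earlier successful logins
    new_ip_login = {}              # user -> time of latest success from an unfamiliar IP
    flagged = set()
    for e in sorted(events, key=lambda e: e["ts"]):
        u, ip, t = e["user"], e["ip"], parse(e["ts"])
        if e["action"] == "login" and e["ok"]:
            if ip not in known_ips[u]:
                new_ip_login[u] = t
            known_ips[u].add(ip)
        elif e["action"] == "email_change" and u in new_ip_login and t - new_ip_login[u] <= window:
            flagged.add(u)
    return flagged
```

Both checks sort by timestamp first, so carol's earlier login from her usual address is seen before the unfamiliar one even though it appears later in the list.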
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/X3i3e5vvPf8/