Turn Out the Lights on Account Takeover Attacks


Does the risk of account takeover attacks keep you up at night?

Bots never sleep — which means that online businesses are at risk of credential stuffing and account takeover (ATO) attacks 24/7. ATO occurs when bad actors use stolen usernames and passwords to break into user accounts, ultimately to commit fraud.

With just one script, cybercriminals can launch automated credential stuffing attacks to test thousands of usernames and passwords on popular sites. Unfortunately for account holders, ATO is on the rise. A recent report found over 15 billion username and password combinations up for sale on the dark web, fueling a 250% increase in account fraud over the course of 2020.

Losing sleep to account takeover attacks can be costly. Fraud typically costs businesses 1% to 10% of their annual revenue. This includes chargebacks and fines due to noncompliance with data privacy regulations, as well as long-term damage to brand reputation, loss of consumer trust and reduced stock value. For example, Australian retailer Woolworths was forced to cancel more than $1.3 million (AUS) in gift cards after it experienced a data breach that leaked details on nearly 8,000 cards from nearly 1,000 customers.

Legacy solutions can help you get some rest, but not a full night’s sleep. Traditional security solutions like web application firewalls (WAFs), CAPTCHAs and standard multi-factor authentication (MFA) can help block common, known bots, but are unable to identify today’s advanced bots. Because of this, organizations experience an IT burden and pay high operational costs to manage bad bots.

Cybercriminals are using modern bot technology to evade legacy security systems. It’s time for businesses to use modern technology as well, so that they can rest easy knowing their applications are fully protected.

Download the e-book to learn how Okta and PerimeterX can seamlessly integrate to (Read more...)

*** This is a Security Bloggers Network syndicated blog from PerimeterX Blog authored by PerimeterX Blog. Read the original post at:
