Virtualization Technology News and Information
The Anatomy of an Account Takeover: Understanding Attack Vectors and How to Stop Them in 2023
An account takeover (ATO) is a common attack in which cybercriminals gain control of other people's online accounts using stolen usernames and passwords. An ATO typically begins with access to stolen credentials from hacked sites or databases, a sale on the dark web, or a phishing campaign. Compromised accounts expose all sensitive information, including personally identifying information (PII), bank passwords, and Netflix and Amazon accounts. There are two parts to preventing and protecting information from an ATO attack: business owners must be on guard, and the public must be vigilant.

What is an Account Takeover?

Account takeovers are complex topics with multiple aspects to consider, and each case's elements change depending on the circumstances. ATOs are also called account takeover fraud or account compromise; essentially, a cybercriminal or hacker gains access to an account and can use the account and its information maliciously, from selling PII to full-scale fraud.

Two distinct groups of cybercriminals typically orchestrate ATO attacks: those who are casual, novice, or opportunistic, and those who are high-level, sophisticated hackers. Both groups look for accounts with high-value information or access and are not restricted to any one industry. Consequently, ATOs are particularly damaging in cases involving financial or personal information, email access, or social media profiles. The cases involving sophisticated, uniquely dangerous hackers often cause the most worry.

How Account Takeover Fraud Happens

Sophisticated hackers cause immense damage to institutional websites, applications, or account databases by using multiple attacks simultaneously. ATOs, once found or noticed, are like cockroaches: where there is one, there are many more. Hidden inside a server or network, hackers harvest resources from compromised accounts and use them to infect others. Large-scale ATOs are not a single attack but a choreographed, calculated assault.

Every ATO attack follows a known life cycle. Hackers gain login credentials, validate them, sell them, harvest from them, or manipulate resources to gain more credentials. Hacked accounts are a problem for everyone because distributing infected data is easy once an attacker is inside a platform or network. Cybercriminals will impersonate an account owner to spread the infection or obtain specialized admin access. They can achieve this in a variety of ways:

  • Internal platform and personal information phishing: when employees email each other or use a company-wide communication portal or chat channels.
  • Impersonation of employees to bypass authentication steps: hackers can hijack accounts and then claim to be the owner to obtain sensitive information.
  • Personal information taken through exfiltration: the moment a hacker is on a device, all PII is at risk, including mailboxes, calendars, contacts, and saved passwords.

What Factors Can Increase Account Takeover Fraud Popularity?

ATO attacks increased 307% between 2019 and 2021, with losses in 2021 totaling $11.4 billion; frightening implications aside, the increase is somewhat expected. Sophisticated hackers want bigger targets with better payouts and aim for higher accounts. Simultaneously, more casual hackers enter the trade as information becomes available online. These days, simple tools on the dark web do every step of the process for you; however, the clunky "ease" they advertise makes them highly prone to detection.

Account Takeover Phases

ATO applications run automated scripts with preset options, removing much of the skilled labor that was necessary in the past; this results directly in increased cases of identity fraud. Identity fraud statistics attribute up to a quarter of all identity fraud in North America to ATO attacks. Cybersecurity experts can identify active assaults in any phase of the life cycle. Understanding the cycle helps both business owners and the public anticipate future cybersecurity concerns.

Phase 1: Theft

ATOs begin with the theft of credentials. Passwords, usernames, email addresses, and personal information used for security questions are the usual targets. Unfortunately, there are many ways to collect much of this information quickly: leaky databases, social engineering, security breaches, hacked websites or applications, or purchases on the dark web. Some casual ATO attackers collect these unverified pieces of information and put them up for sale themselves.

Phase 2: Validation

Next, the credentials must be verified before a cybercriminal can use them. ATO applications may check hundreds of thousands of passwords and usernames before the attacker shuts off their computer. Casual ATO attackers often run one set of information across thousands of websites to scour for matching accounts, or check thousands of accounts on one website. Sophisticated actors don't share their credential information; when they do, it costs thousands of dollars.
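
One way a site operator can spot the validation pattern described above (many accounts checked against one website from a single source) in its own login logs. This is an added example, not part of the original article; the log format, thresholds, and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed sliding window
MIN_DISTINCT_USERS = 5          # assumed threshold; tune per site
MIN_FAILURE_RATIO = 0.8         # assumed threshold; tune per site

# Constructed sample log: "timestamp source_ip username result"
SAMPLE_LOG = """\
2023-02-28T07:00:01 203.0.113.7 alice FAIL
2023-02-28T07:00:02 203.0.113.7 bob FAIL
2023-02-28T07:00:03 203.0.113.7 carol OK
2023-02-28T07:00:04 203.0.113.7 dave FAIL
2023-02-28T07:00:05 203.0.113.7 erin FAIL
2023-02-28T07:00:06 203.0.113.7 frank FAIL
2023-02-28T07:01:00 198.51.100.20 alice FAIL
2023-02-28T07:01:09 198.51.100.20 alice OK
2023-02-28T07:02:00 192.0.2.50 gina OK
2023-02-28T07:02:10 192.0.2.50 hugo OK
2023-02-28T07:02:20 192.0.2.50 ivan OK
2023-02-28T07:02:30 192.0.2.50 judy FAIL
2023-02-28T07:02:40 192.0.2.50 kurt OK
""".splitlines()

def parse_line(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_validation_runs(lines):
    """Map each flagged source IP to the accounts it logged in to successfully."""
    recent = defaultdict(deque)   # ip -> (ts, user, ok) attempts inside WINDOW
    flagged = {}
    for ts, ip, user, ok in sorted(map(parse_line, lines)):
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > WINDOW:   # drop attempts older than the window
            q.popleft()
        users = {u for _, u, _ in q}
        failures = sum(1 for _, _, s in q if not s)
        # Many distinct accounts, mostly failing: credential validation pattern
        if len(users) >= MIN_DISTINCT_USERS and failures / len(q) >= MIN_FAILURE_RATIO:
            flagged.setdefault(ip, set())
        if ip in flagged:   # successes from a flagged source are likely takeovers
            flagged[ip].update(u for _, u, s in q if s)
    return {ip: sorted(users) for ip, users in flagged.items()}

if __name__ == "__main__":
    print(detect_validation_runs(SAMPLE_LOG))
```

The single user who mistypes a password and the shared office address with mostly successful logins are not flagged; accounts returned for a flagged source are candidates for a forced password reset and session revocation.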

Phase 3: Fraudulent Use

In this phase, cybercriminals can finally extract value from their validated accounts; depending on the information they have, this can culminate in financial or identity fraud. However, some fraudsters are after smaller valuables than your bank account. Businesses, for example, have applications where repeat customers can access valuable benefits from interacting online. Rewards for participating differ between industries and often include loyalty points, airline miles, gift cards, and digital currency. Taking advantage of these digital valuables is easier than an attempt on a bank, so many fraudsters find this lucrative.

Account Takeover Fraud Protection and Prevention

Commercial business owners and the public must participate in protective and selective interactions online to mitigate and avoid ATO attacks. For the public, proactive behavior includes strong, unique passwords and cryptographically defended password managers. Meanwhile, for the business owner, learning the weak points of your security is essential. After learning weak points, develop a plan and begin to defend them. Real-time cybersecurity experts can implement tools before an attack hits.

Help Mitigate Account Takeovers

ATOs are cyber attacks that involve multiple computers; businesses are particularly susceptible to ATOs, although they hurt individuals the most. They work by gaining credentials to a valuable account, verifying them, then passing them off to a cybercriminal. These criminals can then commit fraud or theft, or harvest the information for more malicious acts later. It's not all bad, though: businesses and individuals can work together to limit ATOs and their impacts.

##

ABOUT THE AUTHOR

David Lukić is an information privacy, security and compliance consultant at IDstrong.com. The passion to make cyber security accessible and interesting has led David to share all the knowledge he has. 

Published Tuesday, February 28, 2023 7:32 AM by David Marshall