Cybersecurity threats are many and multi-faceted – cybercriminals employ malware, deceptive email scams, and other network-based attacks to infiltrate company systems and steal valuable information. Most recently, hackers have been using a particularly insidious attack called account takeover (ATO).
What is account takeover?
Account takeover is a cybercrime that involves taking over a victim’s online account within a system or network. In practice, it is similar to identity theft in the physical world, where an entity assumes the credentials of the victim to gain access to assets, resources and channels.
How does ATO occur?
Cybercriminals use a variety of methods to achieve account takeover. Among the most direct is credential stuffing, which involves obtaining login details such as username and password combinations and trying them across multiple websites or networks in the hope of scoring a hit. The credentials may be obtained through illicit activities such as hacks, leaks, or purchases on the Dark Web.
Another ATO method is password cracking, in which an attacker attempts to gain access to a targeted channel by trying different passwords. Many cybercriminals are able to use sophisticated automated algorithms to identify likely combinations at high speed.
More subtle and perhaps most effective is social engineering, which involves collecting data on a subject by scouring available sources such as social media accounts and open databases, or through phishing. The information is then used to slip through security protocols with collected passwords as well as answers to security questions and other filters.
The goals of account takeover
Among the most dangerous aspects of an account takeover attack is that it can lead to even more dangerous cybercrimes. Commandeered accounts can be used to launch phishing campaigns within a corporate network. Typical phishing campaigns are launched from proxy accounts, but those perpetrated using genuine accounts are extremely difficult, if at all possible, to detect. An account that has been compromised can also be used to take over other accounts.
ATOs can be used to enact commands without the owner’s consent, such as enabling permissions or transferring bank funds and data resources. Additionally, access to the account can be sold to other entities. Consequences of ATO include financial and data loss as well as reputational damage to the individual victim and business.
Accounts most susceptible to takeover are those that are part of a network and that grant cybercriminals a significant amount of power or access. Users with poor password habits and sensitive information on the web are extremely vulnerable to exploitation.
How to prevent account takeovers
A proactive system to bolster security can significantly reduce the risks of ATO. Suggested defenses include the following:
- Especially for accounts with access to a company network, implement multifactor authentication rather than relying on simple password login.
- Limit the number of login attempts to curb attacks that involve trying different credential combinations.
- Implement security training for team members so they are prepared to defend against ATOs. Employees can learn to cover their online trail so sensitive information cannot be leveraged. Practice identifying suspicious activity stemming from compromised accounts.
- Keep track of devices and note login locations to help identify suspicious access attempts, even when the right credentials are provided. AI technology can be tapped to identify attack techniques and issue warnings when alerts are triggered.
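The login-attempt limit and the device and location tracking from the list above can be combined into one pass over authentication events. The following is an added example, not code from this article or from any product; the event fields, thresholds, the `KNOWN` baseline and all sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real logs):
# (minute, source_ip, username, device_id, country, success)
EVENTS = [
    (0, "203.0.113.7", "alice", "dev-x", "RO", False),
    (0, "203.0.113.7", "bob", "dev-x", "RO", False),
    (1, "203.0.113.7", "carol", "dev-x", "RO", False),
    (1, "203.0.113.7", "dave", "dev-x", "RO", True),
    (2, "198.51.100.4", "erin", "dev-y", "US", False),
    (2, "198.51.100.4", "erin", "dev-y", "US", False),
    (3, "198.51.100.4", "erin", "dev-y", "US", False),
    (3, "198.51.100.4", "erin", "dev-y", "US", False),
    (9, "192.0.2.10", "frank", "laptop-1", "US", True),
]
# Assumed baseline: (device, country) pairs previously seen for each user.
KNOWN = {"dave": {("phone-1", "US")}, "frank": {("laptop-1", "US")}}

def analyze(events, known, window=5, max_fail_per_user=3, max_users_per_ip=3):
    """Return a sorted list of (kind, subject) alerts."""
    alerts = set()
    fails_by_user = defaultdict(list)  # username -> minutes of recent failures
    fails_by_ip = defaultdict(list)    # source ip -> recent (minute, username)
    for minute, ip, user, device, country, ok in sorted(events):
        if ok:
            # Correct credentials, but from a device/location never seen
            # for this user: flag it rather than trusting the password.
            if (device, country) not in known.get(user, set()):
                alerts.add(("new_device_or_location", user))
            continue
        fails_by_user[user] = [m for m in fails_by_user[user]
                               if minute - m < window] + [minute]
        fails_by_ip[ip] = [(m, u) for m, u in fails_by_ip[ip]
                           if minute - m < window] + [(minute, user)]
        # Many failures on one account: password guessing, so lock or throttle.
        if len(fails_by_user[user]) > max_fail_per_user:
            alerts.add(("lockout", user))
        # One source failing across many accounts: credential-stuffing pattern.
        if len({u for _, u in fails_by_ip[ip]}) >= max_users_per_ip:
            alerts.add(("credential_stuffing", ip))
    return sorted(alerts)

if __name__ == "__main__":
    for kind, subject in analyze(EVENTS, KNOWN):
        print(kind, subject)
```

A per-account attempt limit alone does not catch the first source in the sample, because it fails only once per username; counting distinct usernames per source is what surfaces it.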
Account takeover is becoming increasingly popular among cybercriminals, with serious potential consequences to an organization. Call Roebuck Technologies now and bolster your business’s defenses against these and other cyberthreats.