Account Takeovers - another threat on the rise.
Updated: Jun 6
Cybercriminals find low hanging fruit.
Account Takeovers, or ATOs, are on the rise and may be in your network…and you don’t even know it. Making matters worse, these ATO attempts have increased by 671% in Q3 of 2021 alone, according to this 2021 report on cybersecurity threats.
ATOs are a common form of cyber-attack that occurs when a cybercriminal uses legitimate credentials to gain unauthorized access to user accounts. Once inside, the attacker may:
Steal sensitive data such as payroll, bank access and intellectual property.
Conduct corporate espionage.
Approve fraudulent charges or vendor payments.
Transfer funds to a fraudulent account.
Send out damaging email or social media comments.
I find that many business owners are not as aware of ATOs, as they are ransomware, data breaches, or identify theft. The notion that a hacker may have login credentials to their cloud apps does not resonate with many as there is a false sense of security that if they have invested in firewalls, endpoint protection and encryption that they are safe.
So how do attackers obtain legitimate credentials that give them access to your most valuable data and software? There are several including:
Email phishing campaigns that impersonate an executive or business owners.
Acquiring off the Dark Web your credentials that have been harvested through other cyber-attacks.
Computers infected with key-logging malware which sends the recorded data back to the attacker.
Computerized brute-force and credential stuffing attacks, in which passwords are guessed against dictionaries and other personal information of user.
Once the attacker has the login credentials, takeovers may go unnoticed for a long time or never. With the right login credentials, the attacker can very subtly create fraudulent transactions and cover them up.
Think you’re not a target?
According to this Experian fraud report, 57% of organizations have become victims to ATOs during 2020.
Why are these ATO attacks on the rise? Primarily, because of the increased adoption of cloud-based software applications, otherwise known as Software-as-a-Solution (SaaS).
A good example of this is the ever more popular Microsoft 365 solution that hosts email, file share, chat, video and other key business communication functions. Microsoft alone experiences over 300 million fake login attempts PER DAY. Other business platforms such as Slack experience similar fake login attempts.
VIPs Most Targeted by Takeover Attempts
While executives and other high-level employees are more likely to be impersonated in a business email compromise attack, they are also more likely to be the victim of an account takeover.
C-suite executives experience nearly three times the risk of account takeovers than vice presidents—the next most targeted group. Executive assistants are also highly targeted as they are privy to nearly as much sensitive information as the executives who hire them.
For these reasons, it’s become increasingly more important to ensure passwords are difficult to crack, and their accounts are secure. It only takes one easily guessed or reused password to gain access to the keys to the kingdom.
Preventing Account Takeovers
The key method for preventing these ATOs is to use a stronger and more complex password. According to Google, 66% of people reuse passwords from account to account.
We’re only human so it’s reasonable to expect that we cannot remember multiple complex passwords for multiple accounts. I strongly encourage using a commercial password manager, such as LastPass, that will help manage these passwords and provide a centralized platform for managing all passwords within the business.
Use Multi-factor Authentication (MFA) and Single Sign-On (SSO). This is the single most important preventive measure you can take to avoid ATOs. While some cloud-based applications support MFA, others may not. Recommend an MFA/SSO solution such as DUO that provides that extra layer of protection.
* * * * *
As I have pointed out, the damage from account takeovers can be devastating to any business. And you may already have been infiltrated but don’t know it yet. Yet, implementing these simple, preventative measures will ensure you can protect your reputation, business and finances from these cyber-attacks.
About the Author: Tommy Wald is CEO of RIATA Technologies, a full-service IT provider located in Austin, TX. He can be reached at TWald@RiataTechnologies.com.