[Image: Hacker - Cybercriminal / Cybersecurity.org]
Account takeover (ATO) is a type of identity theft that is increasingly on the rise, costing indivi...
These attacks occur in several ways, exploiting personal information online that is not always secured. Because of this, fraud-as-a-service has emerged. Cybercriminals use it to target retailers, gaming organizations, financial services, and any consumer-driven enterprise. The IRS has released a statement warning users about ATO tactics and continues to remind the general public about the problem.
Gaining Access to Private Data
ATO attacks target people in several ways, such as hacking, phishing, vishing, check fraud, credit card fraud, and mortgage refinancing fraud. Once a hacker executes a successful account takeover, he or she is in a position to use sensitive information in a variety of ways. For the most part, they “own” the account until the user or vendor shuts them down. To execute an account takeover, hackers steal usernames and passwords, along with email addresses. They accomplish this through password dumps, phishing, or malware.
Common ATO Targets
Most ATO attacks are financially motivated and target these areas:
E-commerce
Services that store a user’s banking information are targets. An attacker with a compromised account can transfer money from bank accounts and purchase goods online using the stored credit card or debit card information.
Online Currency Fraud
Any online service that has assets worth real currency is a potential target. Attacks include stealing video game credits, reward program points, discounts, and other online goodies. Examples of targets include Groupon, TeamViewer, and the U.K.’s National Lottery.
[Image: Cyber intrusions and system attacks are on the increase / EC-Council]
Spam
Spam can be pushed through any service that allows user content, direct emails, or forums in order to disrupt the service. The activity results in monetary loss through damaged brand reputation and lost customer trust.
Phishing
Criminals assume a compromised user’s account to launch a phishing attack directed at the user’s family, friends, or social media followers. The objective is to steal more credentials, financial information, or access to sensitive information.
How ATOs Are Conducted on a Large Scale
ATO-based attacks use extremely large bot collectives to crack passwords that directly protect accounts on websites. These web botnets are programmed to use a variety of attack modes to see which works best. Their mission is to confuse security solutions and make it hard to distinguish the good from the bad users that are accessing websites.
Even physical biometrics (fingerprints, retinal scans) can’t guarantee safety from a sophisticated piece of malware. Avanti Markets, for example, found this out recently. The company, which provides “micro-market” kiosks to over 1.6 million customers, was hit by malware that specifically targeted fingerprint verification functionality. By using its snack vending machines, Avanti customers may have inadvertently provided sensitive personal information to perpetrators.
What Makes It Easy for ATOs?
Account takeovers take time to set up and perpetrators look for vulnerabilities by examining websites and social media outlets they can exploit. Here’s a list of things that help facilitate ATO:
- Accounts with valid email addresses
- Weak passwords or the same passwords which were used on multiple sites
- Using the dark web to verify if a current credit card is already compromised or stolen (for example, checking a public blacklist)
- Lack of a web application firewall (WAF) which can determine good users from bad as well as classify suspected users and monitor them
How a WAF Mitigates this Risk
A WAF detects and mitigates unauthorized access by leveraging credential or device threat intelligence. Some key features of a strong WAF solution include the ability to:
- Identify and block malicious requests
- Determine and classify clients as human or bots
- Identify maliciously injected credentials into login portals to block credential stuffing
- Block brute force attacks by monitoring session-level requests where large sets of credentials are automatically inserted into login pages
- Enable login protection such as Google authentication, MFA, 2FA, or by specifying login URLs and authentication with SMS and email
- Monitor customers for leaked credentials online
- Profile credential stuffing tools and watch for evolving capabilities
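A minimal version of the session-level monitoring described in the list above, added here as an illustration and not code from the article or any WAF product: it replays constructed login log lines and flags a client that tries many distinct usernames in a short window (credential stuffing) and an account that receives many failures in a short window (brute force). The log format, the sample IPs and the thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the article): timestamp, client IP, username, outcome.
# 203.0.113.7 cycles through many usernames (stuffing); 198.51.100.9 hammers one (brute force).
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 alice FAIL
2024-01-01T10:00:01 203.0.113.7 bob FAIL
2024-01-01T10:00:02 203.0.113.7 carol FAIL
2024-01-01T10:00:03 203.0.113.7 dave OK
2024-01-01T10:00:05 198.51.100.9 alice FAIL
2024-01-01T10:00:06 198.51.100.9 alice FAIL
2024-01-01T10:00:07 198.51.100.9 alice FAIL
2024-01-01T10:00:08 198.51.100.9 alice FAIL
2024-01-01T10:00:09 198.51.100.9 alice FAIL
2024-01-01T10:00:10 192.0.2.55 frank FAIL
2024-01-01T10:00:20 192.0.2.55 frank OK
"""

def parse(log):
    """Turn each log line into (timestamp, ip, user, outcome)."""
    events = []
    for line in log.splitlines():
        ts, ip, user, outcome = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, outcome))
    return events

def detect(log, window=timedelta(minutes=1), stuffing_users=4, brute_fails=5):
    """Return a set of (pattern, subject) alerts. Thresholds are illustrative assumptions."""
    per_ip = defaultdict(list)    # ip   -> [(ts, username)] for every attempt
    per_user = defaultdict(list)  # user -> [ts] for failed attempts only
    for ts, ip, user, outcome in parse(log):
        per_ip[ip].append((ts, user))
        if outcome == "FAIL":
            per_user[user].append(ts)
    alerts = set()
    # Credential stuffing: one client tries many *different* usernames within `window`.
    for ip, attempts in per_ip.items():
        for i, (start, _) in enumerate(attempts):
            names = {u for t, u in attempts[i:] if t - start <= window}
            if len(names) >= stuffing_users:
                alerts.add(("credential_stuffing", ip))
                break
    # Brute force: many failures against a *single* account within `window`.
    for user, fails in per_user.items():
        for i, start in enumerate(fails):
            if sum(1 for t in fails[i:] if t - start <= window) >= brute_fails:
                alerts.add(("brute_force", user))
                break
    return alerts
```

A real WAF would key the stuffing check on a session or device fingerprint rather than a bare IP, since botnets spread attempts across many addresses.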
ATO attacks target real people and are built on real user information. Organizations that process user data can prevent them by using a solution with threat intelligence and advanced mitigation capabilities.