Account Takeover Attacks Continue to be More Than Just a Nuisance

Account takeover (ATO) attacks are on the rise as more cybercriminals opt for them.

Some statistics your way

  • According to a report by Sift, ATO attacks surged by 282% between Q2 2019 and Q2 2020, due to the rise in digital business and online shopping.
  • Since 2018, the number of stolen credentials put up for sale on the dark web has skyrocketed by 300%.
  • ATO fraud has hit online sellers of physical goods the hardest; the number is up by 300%.

Why this matters

People can be the target of ATO fraud virtually anywhere. Victims reported that their credentials have been stolen from a wide range of websites, including streaming services, dating, travel, and banking sites, among others.

Latest ATO incidents

  • Critical vulnerabilities in CodeMeter could allow cybercriminals to take over industrial control systems.
  • Cybercriminals are targeting email clients using legacy software for BEC attacks. While password spraying and brute-forcing are still the most common choices, some attackers take over accounts even with MFA protocols in place.
  • TeamTNT has been using Weave Scope to take over cloud instances.

The bottom line

Online fraud has become an integral part of the threat landscape, especially during the pandemic. Moreover, we still lack effective tools to deal with these threats and stop threat actors from making financial gains. Consumers are advised to take their security into their own hands instead of relying entirely on online merchants. The stakes are high with account takeovers, as these attacks are diverse and adaptable.