Account takeover fraud has become common practice for cybercriminals. One way to combat this growing form of financial theft is bot management.
An account takeover (ATO) attack is a form of cyberattack in which someone's credentials are stolen and then used to send emails, usually phishing messages, from their real account. Two variations of ATO attack are credential stuffing and brute force. Credential stuffing requires context, such as a list of possible credentials to try, whereas a brute force attack requires no context and involves guessing usernames and passwords at random.
Recently, some users of the app HouseParty fell victim to these types of attacks. During the COVID-19 pandemic the app's popularity surged as people used it to stay connected with family and friends. However, the app has been plagued with reports of account hijacking due to credential stuffing, and it has gone as far as to offer a $1 million reward to anyone who can find the source of these issues.
Another recent example of this attack is the brute force campaign that targeted TaoBao, the Chinese e-commerce website owned by Alibaba. The attack compromised 20.6 million TaoBao accounts and led Alibaba to ask all of its users (over 100 million) to change their usernames and passwords.
In recent years, ATO has become more frequent for several reasons. First, the personal information that businesses hold about their customers is highly valuable to cybercriminals. Companies in the financial, healthcare and e-commerce sectors are especially exposed, because the data they hold can be monetized in many ways: using stolen credit card details for fraud, filing false tax returns with stolen social security numbers, and blackmail based on private medical records. And if an attacker gets hold of an administrator account, the elevated access it grants lets them move laterally through the organization.
Second, the availability of cheap cloud compute means cybercriminals can rent the resources to run password-guessing software at scale. Although password requirements keep getting stricter, guessing passwords can still be easy because people tend to reuse them.
These attacks rely on scale: the more guesses an attacker can make, the more likely they are to succeed. A side effect is that businesses can experience denial of service (DoS) as their servers and bandwidth are clogged by the surge in traffic from several concurrent ATO attacks.
The best defense is to block as large a share of attacker traffic as possible while minimizing false positives, so that real customers are not locked out. Without the right tools, this is nearly impossible.
The right tools are a combination of rate limiting, filtering based on whether the client is a real browser, and CAPTCHA challenges to verify that a user is human. Even in combination, however, these are not foolproof. This is where bot management comes in.
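To make the distinction between credential stuffing and brute force concrete, and to show what rate limiting with a CAPTCHA step-up looks like in practice, here is an added example that is not from the original article or from any bot-management product. It runs over constructed login log lines and flags, per source IP, the two patterns described above: many different usernames from one address (credential stuffing) versus repeated attempts against one username (brute force). The log format, thresholds, window length and IP addresses are all assumptions chosen for the illustration.

```python
"""Flag credential-stuffing and brute-force login patterns per source IP.

Added example, not from the original article. Log format, thresholds and
addresses are assumptions; the log lines below are constructed.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 60    # sliding window for per-IP counting (assumed value)
CHALLENGE_AFTER = 3    # attempts in the window before a CAPTCHA step-up
MIN_ATTEMPTS = 5       # attempts in the window before pattern classification applies
STUFFING_RATIO = 0.8   # distinct usernames / attempts at or above this looks like stuffing

# Constructed sample events: "<unix_time> <source_ip> <username> <outcome>"
SAMPLE_LOG = """\
1000 203.0.113.5 alice fail
1001 203.0.113.5 bob fail
1002 203.0.113.5 carol fail
1003 203.0.113.5 dave fail
1004 203.0.113.5 erin fail
1005 203.0.113.5 frank success
1006 203.0.113.5 grace fail
1007 203.0.113.5 heidi fail
1010 198.51.100.9 alice fail
1011 198.51.100.9 alice fail
1012 198.51.100.9 alice fail
1013 198.51.100.9 alice fail
1014 198.51.100.9 alice fail
1015 198.51.100.9 alice fail
1016 198.51.100.9 alice fail
1020 192.0.2.44 alice fail
1021 192.0.2.44 alice success
1030 192.0.2.77 bob fail
1031 192.0.2.77 bob fail
1032 192.0.2.77 bob fail
1033 192.0.2.77 bob success
1100 203.0.113.99 ivan fail
1200 203.0.113.99 judy fail
1300 203.0.113.99 mallory fail
1400 203.0.113.99 niaj fail
1500 203.0.113.99 olivia fail
1600 203.0.113.99 peggy fail
"""


def parse_log(text):
    """Parse 'time ip username outcome' lines into tuples, oldest first."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, ip, user, outcome = parts
        events.append((int(ts), ip, user, outcome))
    return sorted(events)


def classify(window_events):
    """Label the attempts one IP made inside the current window."""
    attempts = len(window_events)
    if attempts < MIN_ATTEMPTS:
        return "normal"
    distinct_users = len({user for _, _, user, _ in window_events})
    if distinct_users / attempts >= STUFFING_RATIO:
        return "credential_stuffing"   # one address, many different accounts
    if distinct_users == 1:
        return "brute_force"           # one address hammering one account
    return "suspicious"


def decide(verdict, attempts):
    """Map a verdict and attempt count to the action the login endpoint takes."""
    if verdict in ("credential_stuffing", "brute_force"):
        return "block"
    if verdict == "suspicious" or attempts >= CHALLENGE_AFTER:
        return "challenge"             # serve a CAPTCHA instead of hard-blocking
    return "allow"


def analyze(log_text, window=WINDOW_SECONDS):
    """Replay the log in time order; return the latest (verdict, action) per IP."""
    recent = defaultdict(deque)
    latest = {}
    for ts, ip, user, outcome in parse_log(log_text):
        q = recent[ip]
        q.append((ts, ip, user, outcome))
        while q and q[0][0] < ts - window:
            q.popleft()                # drop attempts that fell out of the window
        verdict = classify(q)
        latest[ip] = (verdict, decide(verdict, len(q)))
    return latest


if __name__ == "__main__":
    for ip, (verdict, action) in analyze(SAMPLE_LOG).items():
        print(f"{ip:14} {verdict:20} -> {action}")
```

The last address in the sample shows the limit of a plain sliding window: attempts spaced wider apart than the window never accumulate, so slow, low-rate stuffing is reported as normal. That gap is what the behavioral analysis and threat-intelligence feeds of a bot-management layer are meant to close.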
Bot management is a specialized tool that layers onto an existing website and application security service (WaAS). It combines behavioral analysis with threat intelligence feeds, heuristics, and machine learning to filter the constantly changing traffic coming from automated bots. The tool is configured by creating rules from which the platform learns; these rules help it establish what normal traffic looks like and begin filtering what isn't normal. This approach has been proven to block around 70% of all malicious traffic almost immediately.
While a tool like bot management helps block these attacks, it is important that it does not also block beneficial automated traffic, such as search engine crawlers like the one used by Alexa devices. Only a handful of security options are specifically designed to stop ATO attacks, so it is important to research what is available and who provides it. Boosting your security tooling with software like bot management helps keep your servers and your users' credentials safe and minimizes (if not prevents) the reputational and financial damage an attack like this can cause a company.
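As an added example of the filtering layer described above (not code from the article or from any bot-management vendor), the following Python classifies individual requests using three of the signals mentioned: a threat-intelligence feed, a check of whether the client looks like a real browser, and an allowlist that keeps serving legitimate crawlers only after verifying them with forward-confirmed reverse DNS, so a forged crawler User-Agent does not get a free pass. The feed contents, crawler hostnames, DNS tables and header heuristics are assumptions; the resolver is a constructed stand-in so the code runs offline.

```python
"""Request-level bot filtering: threat feed, browser heuristics and
verified-crawler allowlisting.

Added example, not from the original article. Feed contents, crawler
hostnames, DNS tables and heuristics are assumptions; DNS is simulated.
"""
import ipaddress
import re

# Constructed threat-intelligence feed: networks recently seen in ATO traffic
THREAT_FEED = [ipaddress.ip_network("203.0.113.0/24")]

# Crawlers worth keeping, with the DNS suffixes their verified hosts use
# (assumed values for the illustration)
GOOD_BOTS = {
    "Googlebot": (".googlebot.com", ".google.com"),
    "bingbot": (".search.msn.com",),
}

# Constructed DNS tables standing in for a live resolver
FAKE_PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com",
    "192.0.2.11": "spoof.example.net",
}
FAKE_A = {
    "crawl-192-0-2-10.googlebot.com": "192.0.2.10",
    "spoof.example.net": "192.0.2.11",
}

# Clients that identify themselves as scripts rather than browsers
NON_BROWSER_UA = re.compile(r"python-requests|curl/|go-http-client|java/", re.I)


def fake_resolver(name, record_type):
    """Look up a PTR or A record in the constructed tables (None if absent)."""
    table = FAKE_PTR if record_type == "PTR" else FAKE_A
    return table.get(name)


def claimed_bot(user_agent):
    """Return the GOOD_BOTS entry a User-Agent claims to be, or None."""
    ua = user_agent.lower()
    for name in GOOD_BOTS:
        if name.lower() in ua:
            return name
    return None


def is_verified_bot(ip, bot_name, resolve=fake_resolver):
    """Forward-confirmed reverse DNS: the PTR name must sit in an expected
    domain and must resolve back to the same address."""
    host = resolve(ip, "PTR")
    if not host or not host.endswith(GOOD_BOTS[bot_name]):
        return False
    return resolve(host, "A") == ip


def looks_like_browser(headers):
    """Cheap heuristic: scripted clients usually omit headers browsers always send."""
    ua = headers.get("User-Agent", "")
    if not ua or NON_BROWSER_UA.search(ua):
        return False
    return "Accept" in headers and "Accept-Language" in headers


def classify_request(ip, headers, resolve=fake_resolver):
    """Return 'block', 'challenge' or 'allow' for one request."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in THREAT_FEED):
        return "block"  # threat-feed hit
    bot = claimed_bot(headers.get("User-Agent", ""))
    if bot is not None:
        # A genuine crawler passes; a forged crawler User-Agent is a strong bot signal
        return "allow" if is_verified_bot(ip, bot, resolve) else "block"
    if not looks_like_browser(headers):
        return "challenge"  # step up to a CAPTCHA rather than hard-blocking
    return "allow"


# Constructed request headers for the demonstration
BROWSER_HEADERS = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/115.0",
    "Accept": "text/html",
    "Accept-Language": "en-US",
}
GOOGLEBOT_HEADERS = {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1)", "Accept": "*/*"}
SCRIPT_HEADERS = {"User-Agent": "python-requests/2.31.0", "Accept": "*/*"}

if __name__ == "__main__":
    samples = [("198.51.100.3", BROWSER_HEADERS), ("192.0.2.10", GOOGLEBOT_HEADERS),
               ("192.0.2.11", GOOGLEBOT_HEADERS), ("198.51.100.3", SCRIPT_HEADERS),
               ("203.0.113.7", BROWSER_HEADERS)]
    for ip, hdrs in samples:
        print(f"{ip:14} {hdrs['User-Agent'][:32]:32} -> {classify_request(ip, hdrs)}")
```

The ordering matters: the feed check runs first so a listed network cannot talk its way in with a crawler User-Agent, and non-browser clients get a challenge rather than a block so that a misclassified real user can still recover.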