Targeted Attacks: How Sophisticated Criminals Bypass Enterprise Security Measures


WEBINAR


SpyCloud + ISMG

For close to three years, a technology executive was hounded by a persistent attacker who stole his identity, opened credit cards in his name, and wired funds from his bank account. Though SpyCloud helped bring this particular criminal to justice, these tactics are common in targeted attacks.

If your account takeover prevention program primarily focuses on automated attacks like credential stuffing and password spraying, you may be leaving your organization exposed to serious losses. Targeted account takeover attacks are manual, creative, and elusive, making them one of the most difficult aspects of security and risk management. When criminals decide to go after high-value individuals and organizations, they’re motivated to pull out all the stops, using time-intensive, difficult-to-perpetrate methods in pursuit of lucrative rewards.

Dig into the tactics, techniques, and procedures criminals use to perpetrate highly targeted attacks and identify areas where you might be investing unwisely in security technologies, leaving you vulnerable to sophisticated attackers.

View this on-demand webinar to learn:

  • The timeline of a breach and what types of attacks are prevalent at each stage
  • The advanced tactics criminals use to bypass enterprise security measures
  • Perspective on why enterprises should be more concerned about targeted vs. automated account takeover attacks
  • Steps you can take to bolster your defenses and protect against the most damaging attacks

Solution Spotlight: ATO Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.

Presenter Info

Chip Witt, Head of Product Strategy

Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the Head of Product Strategy and manages the Customer Success Program at SpyCloud, which provides cloud-based security services to help businesses of all sizes prevent data breaches and account takeover attacks by alerting when employee or company assets have been compromised. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

SpyCloud human intelligence researchers have recovered billions of data breach assets, including stolen passwords and emails that can put enterprises at risk of account takeover.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

SpyCloud Helps Bring an Identity Thief to Justice

CASE STUDY

SpyCloud Investigations

Industry: TECHNOLOGY

After Three Years of Identity Theft and Financial Fraud, An Executive Turns to SpyCloud for Help

SpyCloud’s core mission is to significantly disrupt the cybercriminal economy to eliminate the loss of money, time, and reputation due to online fraud – ultimately making the internet a safer place for individuals and businesses.

Due to the depth of our investigations experience and breadth of our breach asset database, we’re often brought in to assist customers with investigations, and frequently partner with law enforcement to bring criminals to justice.

This is the story of one such investigation, which was recently brought to a satisfying conclusion.

Background on the Case

We were put in touch with an executive, a leader at a nationally recognized technology solutions firm, who had been the victim of identity theft and financial fraud by an unidentified attacker for close to three years.

Using a combination of stolen credentials and social engineering, the attacker perpetrated a string of crimes, including:

  • Opening numerous bank accounts in the executive’s name, leveraging his Social Security number
  • Opening various credit cards in his name
  • Accessing his utility bills and even shutting his utility services off
  • Accessing his actual bank account and wiring funds
  • Unlocking the credit hold the victim put in place as a stopgap

Based upon the duration and types of activities performed by the attacker, it was clear that not only were we dealing with a tenacious and determined bad actor, but that the attack was highly targeted. 

Targeted attacks, though time-consuming, are highly effective, difficult to stop and can lead to huge losses – as this victim experienced.

The victim had one clue as to the identity of the perpetrator: a check had been issued from his real bank account to an unknown person – possibly the attacker.

Enter: SpyCloud

Investigators at SpyCloud were asked to look into the suspected attacker’s digital footprint to stitch together a profile, reveal possible alternate identities, and potentially attribute other crimes. Investigators often begin with only one piece of information – an email address or phone number, or in this case, a name. At the outset, we reviewed publicly available information tied to the suspect’s name, such as known addresses and phone numbers. We then leveraged OSINT to collect additional PII, and were able to identify four pertinent email addresses that guided our next steps.

Using Maltego, we dove into SpyCloud’s datalake of nearly 100 billion breach assets: decades’ worth of digital breadcrumbs that can be used to locate and unmask criminals (like the rest of us, criminals use online accounts that are subject to data breaches).

Pivoting off the email addresses, we found numerous identities under which the suspect was performing illegal activities — email addresses or user IDs that had either been stolen on the internet or created to impersonate other victims. Finding various other identities tied to an original known email address is a strong indicator that a person is engaging in criminal enterprise.

Based upon IP addresses, we were able to geolocate the suspect’s residence and drop off points. We identified another criminal at the suspect’s address: his sister, who was also committing financial fraud. We also found many phone numbers attributed to the suspect — both land lines and burner phones. 

Finally, using SpyCloud data, we were able to locate an address for the suspect that was tied to a previous arrest record in a neighboring county.

The Arrest

Everything we learned was provided to the local police department. Along with information the detective compiled, the SpyCloud report was used to help curate the warrant for the suspect’s arrest.

During the arrest, evidence was collected from the suspect’s house showing the victim’s name, utility and cable TV account numbers written on a piece of paper.

The suspect is currently facing multiple felony charges. SpyCloud is proud to have helped put an end to the technology executive’s victimization.

With SpyCloud data acting as a roadmap to unmask and bring criminals to justice, we regularly offer our customers and partners assistance with investigations, and cooperate with law enforcement to take criminals of all types off the streets.

SpyCloud partners with law enforcement to investigate and take down cybercriminals committing online fraud, identity theft, and other illegal activities.

Transform Your Investigations

Whether you begin with a name, email or phone number, SpyCloud Investigations – backed by 50+ Maltego transforms and over 100 billion searchable breach assets – makes it faster and more efficient to take down those attempting to harm individuals and businesses.

Targeted vs. Automated Account Takeover Attacks

WHITEPAPER

Account takeover (ATO) occurs when criminals use stolen logins to access user accounts without permission – typically credentials that have been exposed in a third-party breach. Using victims’ accounts, criminals can make fraudulent purchases, drain accounts, steal sensitive data, or move laterally within a target organization.

The vast majority of account takeover attempts are automated credential-stuffing attacks. However, SpyCloud customers report that 80 percent of losses come from just 10 percent of ATO attempts, which are highly targeted and challenging to detect.

Read this whitepaper to learn:

  • The differences between targeted and automated account takeover attacks and why targeted attacks can cause so much damage
  • The five phases of an account takeover attack and the tactics, techniques, and procedures cybercriminals use throughout the attack timeline
  • How early detection can help you prevent both targeted and automated account takeover

Related Resources

Case Study

Top 10 Travel Booking Site

Preventing account takeover begins with monitoring the dark web, but without the ability to match user accounts with a database of exposed credentials, a top 10 travel booking site was vulnerable to attack.
