Account Takeover 101

WHITEPAPER

What Is It & What Can You Do to Prevent It?

“Even if you’re familiar with account takeover and think you’re prepared, the truth is it’s a never-ending game of whac-a-mole.”

Account Takeover (ATO) inflicts significant financial harm on businesses and individuals. As a corporate security team, you can’t defend yourself alone, and user habits will continue to put your organization at risk.

Preventing ATO might seem impossible, but vigilance and education offer some of the biggest advantages in beating criminals at their own game. With that in mind, we designed this whitepaper to help you thoroughly understand this ever-evolving threat and take the necessary steps to protect your users and your business.

  • Gain expert-level knowledge of the account takeover timeline
  • Understand user habits that lead to ATO risk and how to mitigate them
  • Know what measures are required to prevent ATO as early as possible

Download Account Takeover 101 [PDF] and see whether you’re doing enough to stop this insidious cyberattack.

Solution: Account Takeover Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.

The SpyCloud Difference

SpyCloud provides the earliest detection of potentially compromised accounts – those using credentials that have appeared in a third-party breach and are therefore at risk of account takeover. And we automate the remediation of exposed passwords, enabling enterprises to lock down accounts quickly, before damage is done. 

Our goal is to help organizations to protect themselves from criminal activity and disrupt criminals’ ability to profit from stolen data.

Check Your Exposure

See your real-time account takeover exposure details powered by SpyCloud data.

Surviving a Data Breach – On-Demand

WEBINAR

Security Leaders Offer Real-World Advice for Stronger Breach Prevention and Response

“We thought we were doing the right things, but it turns out we couldn’t keep up with evolving attacks.”

We recently hosted an in-depth discussion with two seasoned CxOs who have successfully led through worst case scenarios: breaches that exposed customer data. 

SpyCloud’s Chip Witt speaks with Harry D. Fox, former CIO of CareFirst BlueCross BlueShield, and Damian Taylor, former CISO of Landry’s, about the impact of recent breaches and how the companies responded and remediated. 

They share lessons learned on:

  • The nuances of responding to breaches stemming from phishing and malware
  • Communicating with boards of directors about recovery plans and findings
  • Handling media relations & notifying customers
  • Investing in new early-detection solutions to stay ahead of evolving threats
  • Making big strategic shifts in cybersecurity programs, policy changes, and company culture post-breach

It’s a rare peek into the aftermath of data breaches from the C-suite that’ll help you better prepare your own prevention and response plans.

About the CareFirst Breach

CareFirst is a health insurance provider serving more than 3 million individuals and groups in Maryland and the Washington metropolitan area. Affecting 1.1M customers, the breach stemmed from a phishing incident with the same digital signature as the attackers who compromised Anthem.

About the Landry’s Breach

Landry’s 60 brands include seafood and steak restaurants like Morton’s and McCormick & Schmick’s, as well as Golden Nugget hotels and casinos. Of their 600 properties, 350 were affected by a malware attack designed to steal cardholder names, card numbers, expiration dates, and verification codes.

Panelists

Damian Taylor, Former CISO of Landry’s

Damian is a computer science and information security expert, a retired U.S. Naval Officer, and currently serves as the Senior IT Specialist for the United States Postal Service Office of the Inspector General. Prior to his current role, he served as the Chief Information Security Officer for Landry’s, Inc. and Fertitta Entertainment (parent company of the Houston Rockets).

Damian’s information security career stretches back 20+ years as he’s served in multiple IT security roles throughout the Department of Defense with a focus on national security, information privacy, computer network defense, penetration testing, compliance, cybersecurity policy & strategy development.

Damian has an M.S. in Information Technology Management with a concentration in IT Security, CIO and CISO graduate certificates from National Defense University, and a graduate certificate in Advanced Computer Security from Stanford University. He has taught IT Security courses as an adjunct professor and spoken at multiple IT Security focused events.

Harry D. Fox, Former CIO of CareFirst

Harry Fox is currently a Principal at Oak Advisor’s Group, a strategic advisory firm focusing on the intersection of information technology and healthcare.

Harry was the Executive Vice President, Chief Information Officer and Shared Services Executive at CareFirst Blue Cross Blue Shield from 2011 to mid-2018. CareFirst is a $9.0 billion not-for-profit health care company offering a comprehensive portfolio of health insurance products and administrative services to 3.2 million individuals and groups in Maryland, the District of Columbia, and Northern Virginia. Harry was the most senior out executive at CareFirst and was the Executive Sponsor for ProPride, CareFirst’s LGBTQ Associate Resource Group. 

Harry has also held senior-level positions at Kaiser Permanente, Coventry Health Care (now Aetna), and PricewaterhouseCoopers, and serves on the boards of multiple private equity-backed companies and not-for-profit organizations.

Harry is a graduate of the Wharton School, where he received an M.B.A. in finance.

Moderator

Chip Witt, Vice President of Product Management

Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the VP of Product Management at SpyCloud, where he drives the company’s product vision and roadmap. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.

Targeted Attacks: How Sophisticated Criminals Bypass Enterprise Security Measures


WEBINAR

SpyCloud + ISMG

For close to three years, a technology executive was hounded by a persistent attacker who stole his identity, opened credit cards in his name, and wired funds from his bank account. Though SpyCloud helped bring this particular criminal to justice, these tactics are common in targeted attacks.

If your account takeover prevention program primarily focuses on automated attacks like credential stuffing and password spraying, you may be leaving your organization exposed to serious losses. Targeted account takeover attacks are manual, creative, and elusive, making them one of the most difficult aspects of security and risk management. When criminals decide to go after high-value individuals and organizations, they’re motivated to pull out all the stops, using time-intensive, difficult-to-execute methods in pursuit of lucrative rewards.

Dig into the tactics, techniques, and procedures criminals use to perpetrate highly-targeted attacks and identify areas where you might be investing unwisely in security technologies, leaving you vulnerable to sophisticated attackers.

View this on-demand webinar to learn:

  • The timeline of a breach and what types of attacks are prevalent at each stage
  • The advanced tactics criminals use to bypass enterprise security measures
  • Perspective on why enterprises should be more concerned about targeted vs automated account takeover attacks
  • Steps you can take to bolster your defenses and protect against the most damaging attacks

Presenter Info

Chip Witt, Head of Product Strategy

Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the Head of Product Strategy and manages the Customer Success Program at SpyCloud, which provides cloud-based security services to help businesses of all sizes prevent data breaches and account takeover attacks by alerting when employee or company assets have been compromised. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.

The SpyCloud Difference

Truly Actionable Recaptured Data

SpyCloud solutions are backed by the world’s most current and comprehensive repository of recaptured data from breaches, malware infections, and other underground sources – with billions of exposed credentials and PII. It’s the same data that fraudsters use, but we make it actionable to prevent account takeover, ransomware attacks, and online fraud.

Targeted vs. Automated Account Takeover Attacks

WHITEPAPER

Account takeover (ATO) occurs when criminals use stolen logins, typically credentials that have been exposed in a third-party breach, to access user accounts without permission. Using victims’ accounts, criminals can make fraudulent purchases, drain accounts, steal sensitive data, or move laterally within a target organization.

The vast majority of account takeover attempts are automated credential-stuffing attacks. However, SpyCloud customers report that 80 percent of losses come from just 10 percent of ATO attempts, which are highly targeted and challenging to detect.

Read this whitepaper to learn:

  • The differences between targeted and automated account takeover attacks and why targeted attacks can cause so much damage
  • The five phases of an account takeover attack and the tactics, techniques, and procedures cybercriminals use throughout the attack timeline
  • How early detection can help you prevent both targeted and automated account takeover

Related Resources

Case Study

Top 10 Travel Booking Site

Preventing account takeover begins with monitoring the dark web, but without the ability to match user accounts with a database of exposed credentials, a top 10 travel booking site was vulnerable to attack.
