
Targeted vs. Automated Account Takeover Attacks
Account takeover can be highly targeted, sophisticated, and manual, or it can be high-volume and automated. Learn how to protect your enterprise from both types of ATO.
SpyCloud Customers Say 80% of Losses Come from Just 10% of Attacks
Not all account takeover prevention solutions are created equal. Many products, such as botnet firewalls and solutions that rely on commodity data, provide inadequate protection against the most damaging types of account takeover attacks. According to SpyCloud customers, 80 percent of losses come from just 10 percent of ATO attempts, which are highly targeted and challenging to detect.
SpyCloud helps enterprises protect themselves against both targeted and automated account takeover. By gaining access to breach data early in the breach timeline, SpyCloud enables organizations to detect and reset compromised credentials before criminals have a chance to use them for account takeover.
After a breach occurs, criminals typically keep the data contained within a tight circle of associates while they determine how to monetize the data most effectively. Because few people have access to the data, stolen credentials are valuable assets. This is when unsuspecting organizations and individuals are at the greatest risk of targeted attacks—and this is also when SpyCloud researchers gain access to breach data.
The attackers and their associates systematically monetize stolen data over the course of about 18 to 24 months before gradually allowing credentials to leak to more public locations on the deep and dark web.
Once they become available to a broad audience, including “deep and dark web” scraping and scanning tools, the credentials become relatively low-value commodities. At this stage, passwords have been cracked and plaintext credentials have been packaged into “combolists,” which are lists formatted for use with automated account checker tools that make credential stuffing easy and accessible for unsophisticated criminals.
Targeted attacks
Challenges for security teams: Highly effective, difficult to detect, huge potential losses
Challenges for criminals: Time-consuming, not scalable
Automated attacks
Challenges for security teams: Easy for unsophisticated criminals to launch high-volume attacks
Challenges for criminals: Easy to detect and prevent
The criminal uses a variety of tactics, tools, and procedures to sidestep security measures and access accounts, such as:
The criminal uses their account checker tool to launch a credential stuffing attack against many accounts at one or more target organizations. If using botnet infrastructure, they will issue commands from the C2 server to launch credential stuffing attacks at mass scale.
Because companies block malicious IP addresses, the attacker will use one or more methods of getting around IP blocking while using the account checker, such as free proxies, a VPN, and/or Tor.
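A defender's view of the IP-rotation point above, as an added example (not SpyCloud code and not part of the original page): a per-IP failure threshold misses a credential stuffing run spread over many source addresses, while counting distinct failing accounts per time window catches it and identifies logins that succeeded for the attacker. The event layout, thresholds, and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

WINDOW = 300              # bucket size in seconds (assumed)
PER_IP_FAILS = 5          # typical per-IP blocking threshold (assumed)
MIN_USERS = 20            # distinct failing usernames per window (assumed)
MAX_FAILS_PER_USER = 2.0  # stuffing tries each account once or twice (assumed)

def sample_events():
    """Constructed login events: (epoch_seconds, source_ip, username, success)."""
    # Window 0: normal traffic, one user mistyping a password three times.
    events = [(10 + i, "198.51.100.7", "alice", False) for i in range(3)]
    events += [(40, "198.51.100.7", "alice", True), (60, "198.51.100.9", "bob", True)]
    # Window 1: 40 usernames tried once each, rotating over 20 source IPs.
    for i in range(40):
        events.append((300 + i * 5, f"203.0.113.{i % 20}", f"user{i}", i == 17))
    return events

def per_ip_alerts(events):
    """Baseline: (window, ip) pairs with at least PER_IP_FAILS failures."""
    fails = defaultdict(int)
    for ts, ip, _user, ok in events:
        if not ok:
            fails[(ts // WINDOW, ip)] += 1
    return sorted(k for k, n in fails.items() if n >= PER_IP_FAILS)

def stuffing_windows(events):
    """Windows where many distinct accounts each fail only a few times,
    no matter how many source addresses the attempts are spread over."""
    users, ips, fails = defaultdict(set), defaultdict(set), defaultdict(int)
    for ts, ip, user, ok in events:
        if not ok:
            w = ts // WINDOW
            users[w].add(user)
            ips[w].add(ip)
            fails[w] += 1
    return {w: {"users": len(users[w]), "ips": ips[w], "fails": fails[w]}
            for w in fails if len(users[w]) >= MIN_USERS
            and fails[w] / len(users[w]) <= MAX_FAILS_PER_USER}

def accounts_to_reset(events):
    """Successful logins inside a flagged window from an IP that also failed
    there: these credentials likely worked for the attacker and need a reset."""
    flagged = stuffing_windows(events)
    return sorted(u for ts, ip, u, ok in events
                  if ok and ip in flagged.get(ts // WINDOW, {}).get("ips", ()))

if __name__ == "__main__":
    ev = sample_events()
    print(per_ip_alerts(ev), accounts_to_reset(ev))
```

On the constructed data no single address reaches the per-IP threshold, yet the window-level view flags the run and returns the one account whose login succeeded.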
With access to stolen accounts, the criminal can:
Without the SpyCloud data, we would be at constant risk for attacks we never saw coming.