PREVENT ACCOUNT TAKE OVER (ATO)

STOP ACCOUNT TAKE OVER (ATO) AT THE NETWORK EDGE BEFORE THE BOTS CAN CAUSE HARM. ZERO TOLERANCE IN THE CLOUD FOR ATO BOT ATTACKS


PREVENTING ATO ATTACKS

“Most corporates track account take over with tools that only pick up the ATO after a data breach. You need to be in front of the attack. Adding zero trust network edge protection ensures you're maximising your protection where it really matters.”

What is Account Take Over (ATO)?

Bots are automated software scripts that perform tasks over the internet. Over 50% of all internet traffic is automated, which amounts to a gigantic volume of automated traffic. Some of these bots are beneficial, such as search engine bots that index websites for search results, and uptime checkers. However, many are malicious bots specifically designed to exploit vulnerabilities and cause harm. Finding them can be like finding the proverbial needle in a haystack.


UNDERSTANDING ACCOUNT TAKEOVER

Account takeover is a sophisticated form of cyber attack that can have severe consequences for individuals and businesses alike. Cybercriminals employ various methods to gain unauthorized access to user accounts, such as:

  1. Phishing: This technique involves tricking users into revealing their login credentials through deceptive emails, messages, or websites that appear legitimate.
  2. Brute-Force Attacks: In a brute-force attack, hackers use automated software to systematically try numerous username and password combinations until they find the correct ones.
  3. Credential Stuffing: In this method, cybercriminals exploit the reuse of usernames and passwords across multiple online platforms. They obtain login credentials from data breaches and then use them to gain unauthorized access to other accounts.
  4. Social Engineering: Cybercriminals manipulate individuals through psychological tactics to deceive them into revealing their login credentials or other sensitive information.
  5. Malware and Keyloggers: Malicious software, including keyloggers, can be installed on a victim's device to capture keystrokes and harvest account credentials.

PROTECTING ONLINE ACCOUNTS

Current best practice for protecting your online accounts from account takeover usually covers the following measures:


1. Enable Two-Factor Authentication (2FA)


Two-factor authentication provides an additional layer of security by requiring users to provide a second verification factor, such as a unique code sent to their mobile device, in addition to their password. This way, even if your password is compromised, the attacker would still need access to your second factor to gain entry.


2. Use Strong, Unique Passwords


Enforcing strong and unique passwords for all your end users is crucial. Ensure that passwords are at least 12 characters long and include a combination of uppercase and lowercase letters, numbers, and special characters. Customers who have held accounts for years will need to upgrade their protection and choose a more complex password.


3. Regularly Update Your System Software


Keeping your operating system, web servers, and other software up to date is vital. Software updates often include security patches that address vulnerabilities that could be exploited by attackers.


4. Be Wary of Phishing Attempts


Your customers need to exercise caution when interacting with emails, messages, or websites that request login credentials or personal information. Sites are sometimes cloned in their entirety, so they appear just like the legitimate website. The only indications are small changes to the URL, such as a different domain extension or an inserted hyphen, which are difficult to spot.


5. Monitor Your Accounts Regularly


Regularly review your online accounts for any unauthorized activity. Set up alerts or notifications whenever possible to receive immediate updates about suspicious login attempts or changes to your account settings.


6. Monitor Login Pass / Fail Ratio


Keeping track of the login pass / fail ratio is an obvious way of looking for potential unauthorised access attempts. Sudden spikes in the fail ratio are often seen in brute force attacks. Hackers also try the simpler CAPTCHA forms provided for accessibility, for example audio CAPTCHAs, which are easier for the latest voice recognition programs to solve. A sudden spike in the ratio of accessibility link requests may indicate hackers trying to bypass your main CAPTCHA page.


7. Educate Yourself and Your Team


Conduct training sessions to raise awareness about phishing attempts, social engineering techniques, and other cybersecurity best practices. Ask your customers to help by forwarding any phishing attempts they receive, and warn them with specific examples of the latest phishing methods.
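The ratio checks from point 6 (login pass / fail ratio and the share of accessibility-CAPTCHA requests) can be computed from an authentication log and compared against a baseline. The following is an added example written for this page, not VerifiedVisitors code; the log format, event names, baselines and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not from the page). One event per line:
# "<ISO-8601 timestamp> <event> <account>", event in login_ok, login_fail,
# captcha_audio (a request for the accessibility CAPTCHA).
SAMPLE_LOG = """\
2024-01-01T10:00:05 login_ok alice
2024-01-01T10:01:10 login_fail bob
2024-01-01T10:02:30 login_ok carol
2024-01-01T10:04:45 login_ok dave
2024-01-01T10:05:02 login_fail acct1
2024-01-01T10:05:03 login_fail acct2
2024-01-01T10:05:04 captcha_audio acct2
2024-01-01T10:05:05 login_fail acct3
2024-01-01T10:05:06 captcha_audio acct3
2024-01-01T10:05:08 login_ok alice
"""

def window_stats(log_text, window_minutes=5):
    """Count each event type per fixed-size time window (keyed by window start)."""
    stats = defaultdict(Counter)
    for line in log_text.strip().splitlines():
        ts, event, _account = line.split()
        dt = datetime.fromisoformat(ts)
        start = dt - timedelta(minutes=dt.minute % window_minutes, seconds=dt.second)
        stats[start.isoformat(timespec="minutes")][event] += 1
    return stats

def flag_windows(stats, baseline_fail_ratio, baseline_audio_share,
                 factor=3.0, min_attempts=4):
    """Flag windows whose fail ratio or audio-CAPTCHA share reaches factor x baseline;
    min_attempts keeps one stray failure in a quiet window from counting as a spike."""
    alerts = []
    for key in sorted(stats):
        w = stats[key]
        attempts = w["login_ok"] + w["login_fail"]
        if attempts < min_attempts:
            continue
        fail_ratio = w["login_fail"] / attempts
        audio_share = w["captcha_audio"] / attempts
        reasons = []
        if fail_ratio >= factor * baseline_fail_ratio:
            reasons.append("fail_ratio_spike")
        if audio_share >= factor * baseline_audio_share:
            reasons.append("audio_captcha_spike")
        if reasons:
            alerts.append({"window": key, "fail_ratio": round(fail_ratio, 2),
                           "audio_share": round(audio_share, 2), "reasons": reasons})
    return alerts
```

With the constructed baselines `flag_windows(window_stats(SAMPLE_LOG), 0.2, 0.05)` flags only the 10:05 window. A site-wide ratio can be diluted by successful logins to sleeper accounts (the disguise described under Attack Disguise below), so the same counts are worth keeping per account and per source as well.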


Protection Starts At the Network Edge

Monitoring accounts and reviewing logs manually is only practical for very small companies, or for larger companies with just a few accounts. For many larger businesses it's simply not practical.


Larger companies also don't want to burden the consumer with difficult CAPTCHAs, increased password security and other two-factor authentication methods. Even small changes in the login process may be enough to lose a fickle customer for good, or to adversely affect conversion rates.


VerifiedVisitors takes a radically new approach by providing zero trust edge-of-network detectors that help to prevent account take over before attacks reach your critical paths.


Automated traffic is used in a variety of ways in Account Take Over attacks:


1. Brute Force Stuffing


Brute force attacks use automated agents to simply crack passwords over time, relying on the fact that most passwords aren't secure enough. Stop the bots, and you stop the attack. These attacks are getting less frequent, as they just aren't that effective.


2. Sleeper Cell Dormant Account Creation


This method uses 'sleeper accounts', which are created in advance and pre-prepared for action at a later date. They can be difficult to spot, as the account creation isn't time critical, and they can even be created manually using false credentials, so they can pass a CAPTCHA or 2FA. However, once created, the accounts need to be woken up and triggered by the hacker, who will typically do this with scripts. With a seemingly 'legitimate' user account that has no history of abuse, it's difficult to spot the account creation, but much easier to spot the scripted launch of the attack.


Once activated, the sleeper cells can be used in a huge variety of ways to make money. For example, they can be used to purchase scarce inventory, such as tickets or fashion items, or even to place bets when the outcome or odds are favourable to the hacker.


3. Attack Disguise


Sleeper accounts are also used to disguise a real account take-over attempt. Logging into many of these sleeper accounts at the same time as the real attack makes it much harder to spot fraudulent account usage. Blending the fake account logins with the real attack also bypasses any ratio checks, for example on the pass to fail ratio for logins on the site. An attack hiding in 'normal' traffic is difficult to spot.



Login Path Analysis

Zero trust at the network edge means protecting your login paths robustly. It's one thing to let automated traffic browse a simple web content page; isolating the critical login path, admin paths for privileged access, and any other entry points is another matter. These paths can then be given a much higher level of scrutiny before a visitor is verified and allowed to log in.