Historically, account takeover (ATO) has been recognized as an attack in which cybercriminals take ownership of online accounts using stolen passwords and usernames. Cybercriminals purchase a list of account credentials from the dark web that are usually compiled by hackers through social engineering, data breaches, and phishing attacks. They use these credentials to deploy bots that automatically access travel, retail, finance, eCommerce, and social media sites, to test password and username combinations and attempt to login. Eventually, attackers arrive at a list of verified credentials and make a profit by selling these credentials to other people or by abusing the account. Attacks involving account takeovers usually result in a type of identity theft.
ATO attacks are more sophisticated and broader in scope than ever. Online fraud has changed dramatically over the last few years. The COVID pandemic has driven a wave of newly digitized business processes and online consumer offerings, and this has provided fertile ground for an unprecedented number of bad actors to use account takeovers to cash in. Businesses migrating workloads and core development operations to the cloud are now targets of new approaches to financial fraud they have never seen. Online criminals are taking advantage of these new processes. Recent research reports a 282% surge year over year in the ratio of fraudulent login attempts to overall user logins.
This wave of fraudulent login attempts is especially worrisome for eCommerce sites, which experience 61% of all ATO attacks. What is worse, 28% of online customers would stop doing business with an enterprise if their credentials were stolen from that enterprise’s site, leaving a devastating effect on the bottom line.
Organizations in the digital age need to extend protection and do much more than just prevent credit card and bank account numbers from being stolen. Today, organizations need a security strategy that ensures their web applications are protected against automated account fraud.
How online fraud methods are automated and growing
The cybercriminal ecosystem has evolved account takeover into a commoditized enterprise. Today, cybercriminals can buy credential dumps from breaches and rent low-cost bot infrastructure to automate attacks. The amount of time and resources required for automated account theft has never been lower. This is exacerbated by the fact that, in spite of years of expert advice, most consumers reuse passwords across dozens of sites and fail to change them when affected by breaches. And as I suggested earlier, consumers continue to move more business processes online and there are simply more digital transactions to impersonate, with the result being more accounts to steal and more ways to abuse them.
Your ATO prevention solution cannot hinder site performance
As a security practitioner, you need to ensure that your solution can block ATO attacks without blocking and losing legitimate transactions. You can only accomplish this with a multi-layered, intent-based detection strategy that both identifies malicious logins and generates very low false positives. Your solution must enable you to get context from the data to assist in fraud resolution. This entails gaining clear visibility into which sites and user accounts are under attack, what techniques were used, and whether the credentials are publicly-available. You must be able to deploy the solution to both applications and websites in a way that affects no change to the end user experience, load times, or responsiveness. You can also use the security demonstration to inform customers when an attempt to take over their account is detected and blocked, as well as advise them on how to avoid the risk.
Four ways Imperva helps prevent illegitimate access of your user accounts
- The Imperva solution captures a worldwide view of ATO behavioral activity across thousands of login pages on our global network that is fed into our multi-stage machine learning models. This allows us to correlate between suspected login attempts and pinpoint credential stuffing attempts even when the attacker uses a fresh credential list.
- Built as part of our single-stack architecture, our detection and mitigation engines are inherent in-line capabilities of our cloud application security solution. This purpose-built architecture allows us to immediately detect and mitigate all risks at the edge without requiring any distant processing centers.
- While CAPTCHA challenges are commonly used to identify bad bots, this process often frustrates users and leads to reputational damage. Our multi-stage detection approach provides laser-focused security protection with low false positives. This reduces the need to use CAPTCHA challenges and preserves the user experience.
- Imperva’s unique and intuitive dashboards provide security and fraud teams with clear visibility and actionable insights into attack attempts, leaked user credentials, compromised user accounts, and successful login attempts.
Learn more about how Imperva can help you meet the threat that new Account Takeover approaches present.
Try Imperva for Free
Protect your business for 30 days on Imperva.
