In a new study, Javelin Research found that account takeover increased by a whopping 90% in 2021. These losses totaled $11.4 billion, making up nearly a quarter of all identity fraud losses in 2021.
In a separate study, Feedzai, a financial risk management company, found that account takeover was the top fraud scam, up from fourth place in 2021 and ahead of social engineering.
Account takeover can be particularly damaging since it can lead to so many other attacks. From one compromised account, so many things can happen: lateral movement throughout a network, major phishing, malware and ransomware campaigns, and much more. In the world of SaaS, a username and password is all the hackers need to take over all of your accounts. There is no need to put malware on your endpoint or get in through a Firewall. In fact, there is very little practical security after they have your username and password.
To prevent account takeover, and to prevent it from further infiltrating your organization, you need full-fledged protection against these types of attacks.
Avanan's anomalies engine looks for user account indicators of compromise- items such as impossible travel, first time logins from foreign locations, massive sending, mail forwarding rules enabled, etc. We also have ShadowIT to detect potentially unwanted programs in addition to the Anomalies engine.
When we connect to a customer's cloud app, we capture year’s worth of historical information to create a model of each user, as well as an organization’s custom threat profile. Within each SaaS, we monitor over 100 event indicators and correlate them to identify compromised accounts. These indicators are fed into ML algorithms that’s trained to find attacks and filter out false positives. This applies to past accounts breached before installing Avanan, and works to prevent new takeovers.
These indicators include, but are not limited to:
- Logins from new devices, locations or browsers
- Suspicious or insecure mailbox configurations
- Disabling of MFA
- Multiple password resets