The $13 billion problem: Tackling the growing sophistication of account takeovers
Fraudsters have used account takeovers (ATOs) to victimize 29 percent of internet users, resulting in $13 billion in losses in 2023. Over three-quarters of security leaders listed ATOs as one of the most concerning cyber threats, and the danger grows as bad actors leverage AI to launch more potent attacks.
The Snowflake breach demonstrates the devastating consequences of ATOs. Attackers gained access to 165 of the data platform’s customers’ systems, including AT&T and Ticketmaster, and exfiltrated hundreds of millions of records containing sensitive data. The attack wasn’t some brilliant hacking scheme -- the bad actors simply used legitimate credentials to log into the platform.
Since someone using a valid password is not an immediate red flag for nefarious activity, ATOs are less straightforward to catch than other breaches. However, a robust detection system empowers companies to accurately determine whether a login is legitimate.
The growing threat of account takeovers
Several factors drive the rise in ATOs, not the least of which is the proliferation of online accounts. As people create more profiles, practicing good password hygiene becomes more demanding, contributing to the frequent reuse of passwords. More accounts also mean a higher likelihood that a data breach will expose a set of credentials, and a single compromised password could allow access to multiple accounts.
Cybercriminals also have access to more sophisticated tools. GenAI allows bad actors to create more realistic phishing attacks at a larger scale and rapidly code new malware. Automated bots enable fast and widespread credential-stuffing attempts.
Countering these threats requires a multi-layer approach beyond simply mandating complex passwords and imposing CAPTCHAs.
- Enforce multi-factor authentication
The accounts exploited in the Snowflake breach did not have multi-factor authentication (MFA), allowing the hackers easy access to the system. This scenario demonstrates why businesses must require a second authentication factor for logins to reduce ATOs. MFA is effective for both employee and customer account protection.
- Educate employees
The Snowflake breach also demonstrates the importance of employee education. When employees are well-informed about fraud techniques, they are less susceptible to phishing attempts and more likely to follow cybersecurity best practices, which include using MFA. Providing this education should involve more than one annual 15-minute slide deck. Ongoing exercises like test phishing emails give employees regular exposure to evolving threats.
- Limit login attempts
Fraudsters using credential stuffing execute multiple login attempts in a very short time. Locking an account after a specified number of incorrect passwords prevents access.
- Recognize trusted devices
Identifying devices attempting to log in allows businesses to implement a tiered security approach. Device intelligence solutions create a unique identifier for each device using characteristics such as operating system, browser type, screen resolution, and IP address. These identifiers allow sites to recognize previously authenticated devices and streamline authentication for these low-risk users. Unfamiliar or suspicious devices trigger additional security measures, like MFA.
- Analyze device behavior
Account takeover solutions use machine learning to analyze behavior and detect unusual actions. With these platforms, sites can flag or block suspicious users, like those attempting to log in multiple times or from abnormal locations.
- Implement sandboxing
This containment strategy limits damage when a bad actor does slip through preventative efforts. Sandboxing involves separating business applications to prevent attackers from accessing critical systems or sensitive data.
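To make the "Limit login attempts" and "Recognize trusted devices" measures above concrete, here is an added example (not code from the article or from any vendor) of a login gate that locks an account after repeated failures and demands MFA from any device it has not seen before. The key, the threshold, the time window and all sample values are assumptions, and the device identifier is a simplified exact-match hash of the characteristics the article lists.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: server-side key, not from the article
MAX_FAILURES = 5                  # assumption: lockout threshold
WINDOW_SECONDS = 300              # assumption: window in which failures count


def device_id(os_name, browser, resolution, ip):
    """Keyed hash over the characteristics the article lists (exact match only)."""
    material = "|".join([os_name, browser, resolution, ip]).encode()
    return hmac.new(SECRET, material, hashlib.sha256).hexdigest()


class LoginGate:
    def __init__(self):
        self.failures = {}  # account -> timestamps of recent wrong passwords
        self.trusted = {}   # account -> device IDs that already passed MFA

    def _recent(self, account, now):
        kept = [t for t in self.failures.get(account, []) if now - t < WINDOW_SECONDS]
        self.failures[account] = kept
        return kept

    def attempt(self, account, password_ok, dev, now=None):
        """Return 'locked', 'denied', 'mfa_required' or 'allow'."""
        now = time.time() if now is None else now
        recent = self._recent(account, now)
        if len(recent) >= MAX_FAILURES:
            return "locked"        # checked first, so a late correct guess still fails
        if not password_ok:
            recent.append(now)
            return "denied"
        if dev in self.trusted.get(account, set()):
            return "allow"         # recognized device: streamlined login
        return "mfa_required"      # a valid password alone is not enough

    def mfa_passed(self, account, dev):
        """Trust the device only after the second factor succeeds."""
        self.trusted.setdefault(account, set()).add(dev)
        self.failures.pop(account, None)


if __name__ == "__main__":
    gate = LoginGate()
    new_dev = device_id("Linux", "Chrome", "1920x1080", "198.51.100.23")  # constructed
    print(gate.attempt("alice", True, new_dev))
```

Because the lockout check runs before the password check, a credential-stuffing run that eventually hits the right password is still refused until the window expires.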
Cybercriminals have many tools at their disposal, and businesses do, too. Many advanced solutions are on the market to take security strategies beyond the combination of 12 letters, a number, a unique character and the ability to identify pictures of cars. Combining multiple sophisticated strategies builds more robust defenses against ATOs.
Dan Pinto is CEO and co-founder of Fingerprint and brings over a decade of experience in tech. He began his career in software engineering, where he developed an interest in creating bots, but quickly shifted his focus to entrepreneurship. Dan has founded many small startups, including eBay stores, a tech blog, and even a forum for TV shows. In 2014, Dan co-founded Machinio, a search engine for used machinery, which was later acquired by NASDAQ:LQDT in 2018. After this success, he co-founded Fingerprint, the world’s most accurate device identifier, which has raised over $77 million since its first funding round in 2020. Fingerprint currently employs over 100 people and is dedicated to solving the complex issue of online fraud.