Account takeover attacks - the number one threat?

83% of organizations have experienced at least one account takeover in the last year; security leaders lack confidence in their current defenses to protect against this threat.

  • Sunday, 9th June 2024 Posted 3 days ago in by Phil Alsop

Abnormal Security has launched a new research report—the 2024 State of Cloud Account Takeover Attacks. The report reveals how security stakeholders view the growing threat of account takeovers, how they are currently approaching prevention, and what they are looking for in next-generation defenses against these attacks.

Based on a survey of over 300 security professionals across a variety of global industries and organization sizes, Abnormal’s research found that 77% of security leaders cited account takeover attacks as one of their top four most concerning cyber threats. Combined, this makes account takeovers the leading worry for security leaders—even ahead of news-headlining attacks like ransomware and spear phishing.

These worries are justified, given that 83% of survey participants reported that their organization had been impacted by an account takeover attack at least once over the past year. Worse still, nearly half of organizations (45.5%) were impacted by account takeover attacks more than five times over the past year, while nearly one in five had experienced more than 10 significant account takeover attacks.

“A single instance of cloud account compromise can be extremely damaging, as it creates a critical point of entry that can give attackers immediate access to company or customer data, create a launchpad for additional attacks or fraudulent transactions, or allow lateral movement to connected platforms,” said Evan Reiser, CEO at Abnormal. “What’s even more concerning, and what the survey responses show, is that these attacks are no longer limited to just email. Today’s cloud application ecosystems are increasingly necessary for business, but they all open up additional entry points—each with their own distinct risks if compromised.”

The cloud applications that security stakeholders are most concerned about being compromised include file storage and sharing services, such as Dropbox and Box, and cloud infrastructure services, including Amazon Web Services, Microsoft Azure, and Google Cloud Platform. Also near the top of the list are business email accounts, such as Microsoft Outlook and Gmail, and document and contract management software like Docusign. Each of these applications have the potential to expose troves of sensitive company data, while a compromised cloud infrastructure application can also enable lateral movement across the corporate network.

Despite their concerns, the majority of security stakeholders appear unprepared to protect against account takeovers. Commonly used strategies to protect against this threat include implementing fraud detection mechanisms such as multi-factor authentication (MFA) and strong password use. Yet, the majority of survey participants are skeptical of both MFA (63%) and single sign on (65%) as effective tools to prevent account takeover attacks.

Other frequently mentioned solutions included identity and access management (IAM), cloud access security brokers (CASB), and web application firewalls (WAF), which were all cited by more than 50% of respondents, but none of which are explicitly designed to counter the account takeover threat. Similarly, many survey participants (87%) expect their individual cloud services to supply native protections against account takeovers. But most application providers aren’t security companies, and while they may offer some security features, these tend to be safeguards against misconfiguration or elevated privileges rather than real-time protection against account takeover.

Security stakeholders are eager for alternative solutions, and 99% believe implementing a solution for detecting and automatically remediating compromised accounts in cloud services would greatly improve their defenses. Reiser continued, “It’s clear that there is a need for a new approach to not only detect account takeovers but also remediate them automatically before attackers have a chance to exfiltrate sensitive data or infiltrate connected applications. Cross-platform visibility and automated remediation capabilities, with uniform coverage for all the applications that enterprises use, will be critical as organizations seek to protect their entire attack surface.” 

SolarWinds 2024 IT Trends Report asks whether IT pros see AI as a friend or foe.

The AI revolution has arrived in physical operations

Posted 9 hours ago by Phil Alsop
Samsara’s latest State of Connected Operations Report reveals majority of leaders see AI as a competitive advantage and are already realizing...

UK DaaS adoption surpasses the US

Posted 9 hours ago by Phil Alsop
Nerdio has launched new research showing that the UK has surpassed the US in DaaS adoption — with 76% of UK IT leaders citing both cybersecurity...

Urgent training gap exposed

Posted 3 days ago by Phil Alsop
A quarter of organisations unprepared for cyber-attacks.
Soldo’s Spring Spend Index reveals spend on AI is up 449% compared to a year ago – with 63% of all AI spend now on Chat GPT.

Northern Data Group launches AI Accelerator

Posted 3 days ago by Phil Alsop
AI Accelerator offers startups complimentary access to NVIDIA H100 Tensor Core GPUs, powered by 100% carbon-free energy.
Despite workers emphasising the critical role of tech, the overwhelming majority of employees experience productivity drop due to current IT...

DDoS attacks rising fast in EMEA

Posted 3 days ago by Phil Alsop
Since 2019, only the EMEA region has experienced a continual rise in DDoS attack events, with the region even overtaking North America.