Account takeover attacks - the number one threat?

83% of organizations have experienced at least one account takeover in the last year; security leaders lack confidence in their current defenses to protect against this threat.

  • Sunday, 9th June 2024 Posted 3 months ago in by Phil Alsop

Abnormal Security has launched a new research report—the 2024 State of Cloud Account Takeover Attacks. The report reveals how security stakeholders view the growing threat of account takeovers, how they are currently approaching prevention, and what they are looking for in next-generation defenses against these attacks.

Based on a survey of over 300 security professionals across a variety of global industries and organization sizes, Abnormal’s research found that 77% of security leaders cited account takeover attacks as one of their top four most concerning cyber threats. Combined, this makes account takeovers the leading worry for security leaders—even ahead of news-headlining attacks like ransomware and spear phishing.

These worries are justified, given that 83% of survey participants reported that their organization had been impacted by an account takeover attack at least once over the past year. Worse still, nearly half of organizations (45.5%) were impacted by account takeover attacks more than five times over the past year, while nearly one in five had experienced more than 10 significant account takeover attacks.

“A single instance of cloud account compromise can be extremely damaging, as it creates a critical point of entry that can give attackers immediate access to company or customer data, create a launchpad for additional attacks or fraudulent transactions, or allow lateral movement to connected platforms,” said Evan Reiser, CEO at Abnormal. “What’s even more concerning, and what the survey responses show, is that these attacks are no longer limited to just email. Today’s cloud application ecosystems are increasingly necessary for business, but they all open up additional entry points—each with their own distinct risks if compromised.”

The cloud applications that security stakeholders are most concerned about being compromised include file storage and sharing services, such as Dropbox and Box, and cloud infrastructure services, including Amazon Web Services, Microsoft Azure, and Google Cloud Platform. Also near the top of the list are business email accounts, such as Microsoft Outlook and Gmail, and document and contract management software like Docusign. Each of these applications have the potential to expose troves of sensitive company data, while a compromised cloud infrastructure application can also enable lateral movement across the corporate network.

Despite their concerns, the majority of security stakeholders appear unprepared to protect against account takeovers. Commonly used strategies to protect against this threat include implementing fraud detection mechanisms such as multi-factor authentication (MFA) and strong password use. Yet, the majority of survey participants are skeptical of both MFA (63%) and single sign on (65%) as effective tools to prevent account takeover attacks.

Other frequently mentioned solutions included identity and access management (IAM), cloud access security brokers (CASB), and web application firewalls (WAF), which were all cited by more than 50% of respondents, but none of which are explicitly designed to counter the account takeover threat. Similarly, many survey participants (87%) expect their individual cloud services to supply native protections against account takeovers. But most application providers aren’t security companies, and while they may offer some security features, these tend to be safeguards against misconfiguration or elevated privileges rather than real-time protection against account takeover.

Security stakeholders are eager for alternative solutions, and 99% believe implementing a solution for detecting and automatically remediating compromised accounts in cloud services would greatly improve their defenses. Reiser continued, “It’s clear that there is a need for a new approach to not only detect account takeovers but also remediate them automatically before attackers have a chance to exfiltrate sensitive data or infiltrate connected applications. Cross-platform visibility and automated remediation capabilities, with uniform coverage for all the applications that enterprises use, will be critical as organizations seek to protect their entire attack surface.” 

Organisations with advanced identity security see reduced cyber risk, increased business value and improved productivity.
The 2024 show brings together the entire connectivity and digital infrastructure ecosystem that help to secure, automate and remotely operate...
Global study of over 1,300 tech professionals uncovers opportunities for enhanced security training and awareness.
New study from Wazoku and King’s Business School reveals extent that AI is supporting and powering innovation and new ideas.

Risk appetites have grown for 81% of CISOs

Posted 1 day ago by Phil Alsop
Netskope has published a new report analyzing the evolution of the CISO role within the retail sector. ‘The Retail CISO: Bringing Balance’, is...
Report highlights impact of hyperconverged infrastructure, hybrid cloud and leveraging on-demand computing capacity.

AI spend up 177% since last year

Posted 3 days ago by Phil Alsop
Soldo’s Summer Spend Index compares year-on-year business spending, shows huge investment boost in artificial intelligence tools.
New report from Red Canary shows increased investment is failing to stem the tide of breaches as security teams struggle with complexity, skills, and...