According to a recent report from the Identity Theft Resource Center, there was a 68% increase in data breaches in 2021 compared to 2020, making last year the year with the highest number of data breaches ever reported. Since much of this compromised data includes email and password combinations, cybercriminals have more raw material than ever for Account Takeover (ATO) attacks.
ATOs occur when a cybercriminal uses stolen login credentials to commit identity theft and fraud. Attackers typically buy a list of credentials on the dark web and launch an army of bots against popular websites to test the username and password combinations in login attempts, a technique known as credential stuffing.
Once the bots have identified valid credentials, the attacker can log in to steal personal or financial information, withdraw money, cash in loyalty points, open new lines of credit, or resell the validated credentials to other attackers for further exploitation.
With 65% of people reusing the same password, or a variation of it, across multiple accounts, cybercriminals can often use a validated set of credentials to access other sites. This means that once attackers have identified a valid combination, they can scale their efforts, target more sites and bring in more illegal revenue.
ATOs have traditionally focused on financial services organizations, but as more people turned to online shopping throughout the pandemic, retailers moved firmly to the top of attackers' hit lists.
Increase in Retailer ATO Attacks
Over the past two years, ATO fraud has increased significantly as a result of falling prices for stolen user data on the dark web and cheap bots for hire. This has prompted a huge increase in attacks targeting retailers: research from PerimeterX shows that in the last seven months of 2020, on average, over 75% of all login attempts on ecommerce sites were ATO attempts. To put this figure in perspective, during Cyber 5 2021 PerimeterX prevented more than $1.5 billion in fraudulent purchase attempts, showing how much money organizations stand to lose from ATO attacks.
Now, with the proliferation of bots-for-hire services, ATO attacks have never been easier or cheaper to carry out. Instead of manually testing sites for valid user credentials, attackers deploy bots to automate the process, which yields results far faster. This also makes ATOs difficult to identify, because bots often mimic user behavior. If a retailer sees unusual traffic and suspects a bot, acting on that suspicion without the proper tools can mean blocking real customers and degrading their experience.
These attacks present a significant threat to retailers and consumers: research also shows that 22% of U.S. adults (24 million households) have fallen victim to account takeover. Retailers also lose billions to this threat through chargebacks and lost merchandise, as well as suffering major brand damage from negative media coverage and criticism from customers who experience identity fraud as a result of ATOs.
Given the dangers of ATOs, the most important thing retailers can do is disrupt the web attack lifecycle: the cyclical, continuous process in which identity and account information is stolen, validated and then used fraudulently. Protecting users' account and identity information everywhere on their digital journey is critical.
To protect and mitigate ATOs, here are some steps to consider:
1. See yourself as a target.
Often, retailers don't see themselves as a target, and that puts them at greater risk. Never assume you are too small or too unknown to be hit by attackers, because that assumption makes you weaker. Instead, view yourself as a target, prepare for attacks and do not let your guard down.
2. Deploy firewalls (WAF or ADC).
A network firewall lets retailers block incoming traffic to specific ports, while a Web Application Firewall (WAF) inspects HTTP requests and can apply signatures for specific types of attack or exploitation, along with rate limits on sensitive endpoints such as the login form. Placing a WAF in front of your application is table stakes. WAF functionality is often bundled into Application Delivery Controllers (ADCs), and all major cloud providers offer WAFs and ADCs as a service. Bear in mind that a credential-stuffing request is a syntactically valid login, so signature matching alone will not catch it; against ATO, the WAF's value lies in its rate limiting and in the traffic visibility it gives the detection layers described in the following steps.
3. Threat intelligence platform and subscription.
Having a firewall deployed isn't enough on its own because attacks are constantly evolving, so an active threat intelligence platform and a live threat feed allow retailers to keep up with the constantly emerging techniques of attackers.
4. Volumetric traffic detection and analysis.
This approach lets web security teams baseline their web traffic and detect spikes that may be caused by bots. If login volume rises during normal off-hours, it may be a sign of an ATO attack. Likewise, sudden changes in buying habits, loyalty-point transfers or multiple password resets on one account are all triggers that should initiate deeper forensics and stricter challenges (such as step-up authentication) for questionable requests and users.
5. Identifying machine learning patterns and behavioral analysis.
The most advanced security tools retailers can deploy against ATOs use machine learning to distinguish bots from real user activity. These solutions identify even sophisticated bot techniques and block automated web attacks. Using behavior-based and predictive analytics models, they are sensitive enough to detect subtle traffic patterns and can quickly identify and mitigate modern ATO attacks. This should be a priority for every retailer concerned about ATOs.
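Steps 4 and 5 describe detection only in general terms. What follows is an added example, not PerimeterX's code or any product's, showing the basic volumetric and behavioral signals in plain Python over a handful of constructed login log lines: one IP trying many distinct usernames with a low success rate inside a short window (the credential-stuffing pattern from the opening paragraphs), a burst of password resets on a single account, and login volume in the quiet overnight hours exceeding a baseline. The log format, the thresholds and the sample lines are all assumptions made for the example; a real deployment would read these events from WAF or application logs and tune the thresholds against its own traffic baseline.

```python
# Credential-stuffing / ATO signal detection over web login logs.
# Added example, not PerimeterX code: log format, thresholds and the
# sample lines are all constructed for illustration.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic). Assumed format:
# <ISO-8601 ts> <event> ip=<addr> user=<name> status=<fail|success>
SAMPLE_LOG = """\
2021-11-26T02:13:05Z login ip=203.0.113.7 user=alice status=fail
2021-11-26T02:13:06Z login ip=203.0.113.7 user=bob status=fail
2021-11-26T02:13:06Z login ip=203.0.113.7 user=carol status=fail
2021-11-26T02:13:07Z login ip=203.0.113.7 user=dave status=success
2021-11-26T02:13:07Z login ip=203.0.113.7 user=erin status=fail
2021-11-26T02:13:08Z login ip=203.0.113.7 user=frank status=fail
2021-11-26T02:14:10Z login ip=198.51.100.4 user=grace status=fail
2021-11-26T02:14:30Z login ip=198.51.100.4 user=grace status=success
2021-11-26T02:20:00Z reset ip=203.0.113.7 user=dave status=success
2021-11-26T02:20:05Z reset ip=203.0.113.7 user=dave status=success
2021-11-26T02:20:09Z reset ip=203.0.113.7 user=dave status=success
"""

# Assumed thresholds; tune them against your own traffic baseline.
WINDOW = timedelta(minutes=5)   # sliding window used by every check
MIN_ATTEMPTS = 5                # login attempts from one IP inside WINDOW
MIN_DISTINCT_USERS = 4          # distinct accounts tried from one IP
MAX_SUCCESS_RATIO = 0.3         # stuffed credential lists mostly fail
MAX_RESETS = 2                  # password resets per account inside WINDOW


def parse_line(line):
    ts, event, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "event": event, **fields}


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def windows(items, key):
    """Yield every slice of the (sorted in place) items that fits inside WINDOW."""
    items.sort(key=key)
    start = 0
    for end in range(len(items)):
        while key(items[end]) - key(items[start]) > WINDOW:
            start += 1
        yield items[start:end + 1]


def stuffing_sources(events):
    """IPs that look like credential-stuffing bots: many attempts against many
    distinct usernames, mostly failing, inside one WINDOW. A real user retrying
    their own password trips neither the distinct-user nor the success-ratio test."""
    by_ip = defaultdict(list)
    for e in events:
        if e["event"] == "login":
            by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        for window in windows(evs, lambda e: e["ts"]):
            users = {e["user"] for e in window}
            successes = sum(e["status"] == "success" for e in window)
            if (len(window) < MIN_ATTEMPTS or len(users) < MIN_DISTINCT_USERS
                    or successes / len(window) > MAX_SUCCESS_RATIO):
                continue
            if len(window) > flagged.get(ip, {}).get("attempts", 0):
                flagged[ip] = {  # keep the widest suspicious window per IP
                    "attempts": len(window),
                    "distinct_users": len(users),
                    # accounts the bot validated: force re-auth and alert the owner
                    "validated": sorted(e["user"] for e in window if e["status"] == "success"),
                }
    return flagged


def reset_abuse(events):
    """Accounts with more than MAX_RESETS password resets inside WINDOW, a
    common post-takeover move to lock the real owner out."""
    by_user = defaultdict(list)
    for e in events:
        if e["event"] == "reset":
            by_user[e["user"]].append(e)
    flagged = {}
    for user, evs in by_user.items():
        for window in windows(evs, lambda e: e["ts"]):
            if len(window) > MAX_RESETS:
                flagged[user] = max(flagged.get(user, 0), len(window))
    return flagged


def off_hours_spike(events, baseline_per_hour, quiet_hours=range(0, 6), factor=3.0):
    """Quiet-period hours (assumed 00:00-06:00) whose login volume reaches
    `factor` times the normal per-hour baseline."""
    per_hour = defaultdict(int)
    for e in events:
        if e["event"] == "login" and e["ts"].hour in quiet_hours:
            per_hour[e["ts"].strftime("%Y-%m-%dT%H")] += 1
    return {h: n for h, n in per_hour.items() if n >= factor * baseline_per_hour}
```

Run against the constructed sample, `stuffing_sources` flags 203.0.113.7 with six attempts across six accounts and `dave` as the one validated credential, `reset_abuse` flags the three resets on `dave` that follow, and `off_hours_spike` reports the 02:00 hour as a spike against an assumed baseline of two logins per hour. The `validated` list is the actionable output: those accounts need forced re-authentication and an owner notification, not just a blocked IP. Per-IP thresholds like these are easy for an attacker to evade by spreading a run across residential proxies, which is exactly the gap the behavior-based tooling in step 5 is meant to close.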
As more households make the digital world their primary way to interact with brands and buy products, cybersecurity should be built into ecommerce websites. ATO attacks give cybercriminals a double-edged sword with which they can cause damage and steal money from both the customer and the retailer. Protecting against these attacks by interrupting the web attack lifecycle and implementing the right solutions should be a top priority for every ecommerce site today.
Tony Klor is a Security Evangelist at PerimeterX, a leading provider of solutions that detect and stop the abuse of identity and account information on the web. Prior to joining PerimeterX, he held positions at TypingDNA and mobile analytics firm Appsee, which was later acquired by ServiceNow. Klor holds a bachelor's degree in business management, with a focus on entrepreneurship, from the University of South Carolina.