Why Account Takeovers Are on the Rise and What Can be Done

October 28, 2019 - Phishing attacks, in which an attacker impersonates a trusted organisation to obtain sensitive information, are familiar to many internet users and are on the rise.

However, what if the attack came from a trusted boss, colleague or friend? What if they engaged in a dialogue and were able to recall details of previous email exchanges? In this case, it becomes far harder for an attacker to be spotted.

This type of attack is known as an account takeover, and is on the rise. Similar to phishing, attackers gain access to accounts by tricking users into sharing their username and password.

Once in, attackers posing as legitimate users already have the trust of those within the users’ network, and may slip through security systems without raising the same red flags as some other types of attack – that is, until it’s too late.

According to a survey by Javelin, in 2017, account takeover attacks led to over $5.1bn in losses, making them a serious area of concern for organisations.

Ellen Daniel from GlobalData’s Verdict spoke to Hatem Naguib, COO of IT security company Barracuda Networks, on how to stop this type of attack in its tracks, and the tools needed to combat future threats.

ED: What are the characteristics of these attacks?

Naguib told GlobalData’s Verdict: “What tends to happen in account takeovers is that the attacker will basically assume the identity of the person so it will be you in the environment, no one will be able to tell at all that it’s not you because I’ve gotten the Office 365 credentials. And I’ll start slowly sending out emails so that I can get better confidence and trust. I usually go to high-value targets who immediately recognise it’s me sending the email, and then through that I’ll be able to gain access to whatever I want, potentially financial information.”

ED: What are the motivations behind account takeovers?

Naguib told GlobalData’s Verdict: “It’s usually money. But now when you see more nation-state type of involvement, obviously then I can gain access to intellectual property. And gaining access to intellectual property I think really does motivate a lot of capabilities around corporate companies and competition.

“Then the third category I would say is, I think, more nefarious intentions around social engineering. If I could fake Twitter accounts, and I could fake Facebook accounts, and then I can create content around those fake accounts, as we saw in the recent elections, that can actually change outcomes at a much more macro level. And account takeovers are perfect for that.”

ED: How are these attacks going to develop in the future?

Naguib told GlobalData’s Verdict: “It’s obvious that as we become more digital and the world around us becomes more digital, everything I need to know about you I could probably get on some level of social media.

“So even though I could spoof your email, it’s not far-fetched that I could spoof you or your voice. I could get videos of you making conversations and then I could create more and more types of simulations that allow me to leverage you as an individual identity to gain access to what I need to do.

“We’ve already started seeing CEOs getting spoofed, or executives getting spoofed in that way. I think there’s also the fact that everything becomes connected. So it’s just a lot easier to weaponise individual pieces of luggage or internet of things components. So I think that becomes another aspect and many of those attacks are relatively simple and are meant to create distractions for the more target-rich environments.

“Ultimately, as we use AI and machine learning to protect ourselves from a security perspective, you will see more and more of that becoming part of the arsenal that attackers can use.”

African Eye Report
