
Illuminating the intersection of physical and cyber security


Account Takeover Tips: Protecting What Matters

This entry was posted in Guest Contributor and tagged Account Takeover tCell on December 21, 2017 by Steven Bowcut

Digital accounts are everywhere. The rapid uptake of cloud technologies combined with mobile-driven consumer habits has fundamentally altered the storage and transmission of data online. As noted by analyst firm Juniper Research, 1.2 billion users worldwide already leverage digital bank accounts. By 2020, that number will reach 2 billion. Add e-commerce accounts, social networks, consumer web portals and the evolution of digital-first government services, and it’s no surprise that cybercriminals are very interested in subverting user control and claiming accounts for themselves. It’s called “account takeover” and it’s on the rise. Here’s what you need to know.

Understanding Attacks

Hackers are committed to grabbing user accounts. Consider: According to business and technology website PYMNTS, account takeover increased 45 percent in the second quarter of 2017. Sure, this was bolstered by the massive Equifax hack, but that’s a symptom, not the underlying cause: Account takeovers are gaining speed and sophistication as more users leverage digital accounts, but fewer implement solid security hygiene.

How do end users keep accounts safe? First, learn more about the likely routes favored by hackers to access your information, including:

  • Horizontal Hacks — It works like this: Hackers discover the username and password for one of your accounts. Then, they leverage this information to hack other accounts that all use the same login details. In many cases, users don’t know they’ve been compromised until it’s too late.
  • Brute Force Break-Ins — Here, hackers spam account login pages with set after set of usernames and passwords. This is especially successful if webpages or apps don’t have a limitation on the number of access attempts within a certain time frame. Hackers are also helped by the fact that many users still pick common, easy-to-guess passwords such as “password” or “123456.”
  • Phishing — This attack relies on social engineering. Users receive an email warning them to immediately change their password or download an update. Entering account information to the attacker-controlled site will result in credential theft. Clicking on the link or downloading the file leads to malware infection and potential account compromise.
  • Security Subversion — Apps and sites that use poor encryption (or none at all) are easy targets for hackers looking to intercept account data, analyze it and then use it to gain access.
  • Middle Men — The coffee shop or airport Wi-Fi network may not be what it appears. By setting up dummy networks with familiar names in high-traffic areas, hackers can convince users to connect, then control all web traffic and collect login details.
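The brute-force item above turns on whether a login page limits access attempts within a time frame. The following sketch is an added example, not code from the article or from tCell: a sliding-window limiter keyed on both the targeted account and the source address, so that one source walking through many accounts is limited as well. The limits, class and function names, accounts and addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5      # assumed policy: failed attempts allowed per window
WINDOW_SECONDS = 300  # assumed policy: five-minute sliding window

class LoginThrottle:
    """Sliding-window limiter keyed separately on account and source address."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures

    def _recent(self, key, now):
        q = self.failures[key]
        while q and now - q[0] >= self.window:  # drop failures outside the window
            q.popleft()
        return len(q)

    def allowed(self, user, ip, now):
        # Refuse when either the targeted account or the source hit the limit.
        return (self._recent(("user", user), now) < self.max_failures
                and self._recent(("ip", ip), now) < self.max_failures)

    def record_failure(self, user, ip, now):
        self.failures[("user", user)].append(now)
        self.failures[("ip", ip)].append(now)

def replay(events, throttle=None):
    """Replay (time, user, ip, success) events; return the attempts refused."""
    throttle = throttle or LoginThrottle()
    blocked = []
    for now, user, ip, ok in events:
        if not throttle.allowed(user, ip, now):
            blocked.append((now, user, ip))
            continue
        if not ok:
            throttle.record_failure(user, ip, now)
    return blocked

# Constructed sample events (documentation-range addresses, made-up accounts).
BRUTE_FORCE = [(t, "alice", "203.0.113.9", False) for t in range(0, 80, 10)]
MANY_ACCOUNTS = [(t, f"user{t}", "198.51.100.7", False) for t in range(8)]
NORMAL = [(0, "bob", "192.0.2.4", False), (20, "bob", "192.0.2.4", True)]

if __name__ == "__main__":
    for name, events in [("brute force", BRUTE_FORCE),
                         ("many accounts", MANY_ACCOUNTS), ("normal", NORMAL)]:
        print(name, "->", len(replay(events)), "attempts refused")
```

Keying only on the account would miss the second sample entirely, because each account there sees a single failure.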

Safety in Numbers

Sounds scary, right? It can be — hacked accounts can have serious downstream consequences if attackers create new dummy accounts or gain access to personal information such as credit card details, Social Security numbers or tax information. Yet it’s not all bad news: Implementing a combination of solid security measures can help stem the tide of account takeover:

  1. Two-Factor Authentication — Attackers depend on the username/password combination to gain access. By leveraging two-factor authentication, for instance by requiring users to provide a one-time passcode, it’s possible to improve account security.
  2. HTTPS — HTTPS connections are encrypted by default, making it that much harder for hackers to steal relevant data and gain access via man-in-the-middle attacks. Wherever possible, opt for HTTPS over HTTP. To help make this easier, you can use EFF’s HTTPS Everywhere extension.
  3. Wi-Fi Security — Avoid potentially insecure networks and disable “auto join” features on mobile devices. Use a virtual private network (VPN) for any public Wi-Fi connections.
  4. Threat Intelligence — While good hygiene goes a long way, advanced security solutions are also critical to reduce account takeover. Find a provider that uses advanced threat detection to discover if your account is under attack from botnets or if incoming emails are phishing efforts.
  5. Hybrid Protection — Applications also need to do their part. Emerging hybrid solutions — which combine the utility of web application firewalls (WAFs) and RASP security protocols — detect suspicious events in runtime, empowering real-time response. If you are subscribing to a service for your business, asking your SaaS provider how they secure your data against account takeover is a necessity.

Account takeover is on the rise. Combat both common and evolving threats with the right combination of solid security hygiene and advanced, intelligent solutions.

Author bio: Boris Chen is Vice President of Engineering and Co-Founder of tCell. He has over 20 years of industry experience building high-performance web infrastructure and data technology. Before co-founding tCell, Chen spent five years at Splunk as VP of Engineering, from startup through IPO, where he helped drive Splunk’s petabyte-scale deployments and integration with Hadoop. Prior to joining Splunk, Chen was Director of Engineering at LucidEra, an early “Business Intelligence as a Service” innovator. At BEA Systems, where he was part of the original WebLogic acquisition, he led engineering teams working on the JRockit Java Virtual Machine, EAI and message bus products. Chen holds a B.S. in EECS from the University of California, Berkeley.


© 2023 Brilliance Security Magazine