Preventing Account Takeover Attacks Leveraging Managed Detection and Response Services

Ever use the same email address and password for several websites, including travel, banking, and e-commerce? You are not alone. Millions of online users reuse their credentials as a matter of convenience. Yet this habit makes it much easier for a hacker to execute an account takeover (ATO) attack.

Fact: “An annual analysis of recaptured data from the darknet shows a 74% password reuse rate for users exposed in two or more breaches in the last year.”

Preventing ATO starts with placing proactive monitoring and controls across the organization’s identity management systems and application platforms, looking for suspicious activity, unauthorized access to accounts, and other malicious activities.

ForeNova, a global provider of managed detection and response services, created its NovaMDR offering to monitor clients’ digital assets, respond to threats against them, and provide remediation, helping organizations prevent complex cyberattacks, including ATO.

Understanding Account Takeover (ATO) Attacks

One of the most common methods of financial fraud and identity theft is accessing a single credential that federates to several domains. Hackers leverage several attack vectors, including email phishing, to lure victims into disclosing their usernames and passwords or clicking on malicious links that redirect them to rogue sites and encourage them to change their passwords.

How big of a problem is ATO?

Here are some essential statistics highlighting how ATO is a global problem that every organization and individual needs to be aware of.

Personal Impact

  • “Account takeover fraud resulted in nearly $13 billion in losses in 2023.”
  • “24% of consumers were a victim of ATO in 2024, up from 18% in 2023.”
  • “Only 43% of account takeover victims were notified by the company that their information had been compromised.”
  • “Four out of five consumers would stop shopping on a site where they’d been a victim of ATO.”

Corporate Impact

  • “Over 75% of security leaders rank account takeovers as one of the top four cyber threats organizations face globally.”
  • “ATO attacks increased 24% year-over-year in 2024.”

Standard Methods of ATO Attacks

90% of all cyberattacks begin with email phishing. Email phishing is a leading cause of ATO. ATO also has become the leading cause of identity theft and financial fraud.

Social engineering is a component of email phishing attempts. This attack vector is less about a technical cyberattack and more about using malicious actors’ social skills to lure the victim into disclosing credential information.

Social engineering tactics include email messages, social media postings, phone calls, SMS messages, and public encounters. Hackers lure victims by claiming to know someone close to them, a place they have worked, or maybe even a family member.

Preventing social engineering starts with organizations investing in security awareness training and attack simulation, which are additional security measures that help minimize this threat. These tools are critical in educating the user community about hackers’ social skills and other types of attacks.

Impact of ATO Attacks

Financial accounts remain prime targets for ATO attacks, with cybercriminals seeking quick access to bank accounts and transactions. Account takeover currently comprises 90% of fraud attempts, and this trend will probably continue into 2024.

ATO attacks and their consequences vary depending on the victim. Corporate users who reuse their business credentials, especially across federated identity domains, place themselves and their organizations at significant risk for financial fraud, intellectual property theft, and extortion schemes.

Hackers who successfully compromise an organization’s credentials spread attacks across other employees within the same domain. This propagation of attacks also becomes a problem for other organizations connected through supply chains or digital application platforms. Supply chain attacks from phishing campaigns continue to be a global problem, partially because of ATO attacks.

Once an individual’s credentials within an organization become compromised, the hackers target this person’s individual username and password credentials.

ATO Attacks Jump in 2024: Trend Expected in 2025

“Sift has released its Q3 2024 Digital Trust Index, which found that account takeover (ATO) attacks are on the rise, having an increase of 24% across its Global Network.”

“Additionally, 24% of clients surveyed by Sift reported being ATO victims in the past year, up from 18% in 2023. This surge is part of a trend, with Sift data showing a 354% year-over-year increase in ATO attacks in Q2 2023.”

Organizations with complex passwords continue to see rising operational costs even with self-service tools enabled.

Financial Losses for Organizations and Individuals

In a recent report, Experian released statistics showing how impactful ATO attacks are against banks globally.

“A March 2024 survey by Liminal revealed that ATO attacks average $6,232 each, with a 66.8% rise in social engineering attacks over the past two years. Despite this growth, only 44% of banks use mobile device signals to combat these threats.”

Costs per ATO rarely include the reputation damage organizations face when they suffer a breach. Customer trust is critical for an organization to keep clients. An ATO attack breach damages an organization’s ability to sustain customer trust.

Importance of Prevention Strategies

Preventing ATO attacks using legacy email security, static identity management fraud detection, or next-generation firewalls (NGFW) technology alone is unrealistic.

Hackers use artificial intelligence (AI) and machine learning (ML) tools to create attack vectors. Powered by AI, hackers can launch ATO attacks through social engineering, email phishing, and SMS at much higher volumes than most organizations are capable of detecting and preventing.

Organizations that struggle with the constant increases in ATO invest considerable financial capital in next-generation cybersecurity defensive tools powered by artificial intelligence (AI) and machine learning (ML).

Leveraging AI and Machine Learning in ATO Prevention

Organizations must place front-end AI-based fraud detection and prevention security tools on their various application portals, databases, and websites that link back to sensitive customer and organization data.

  • AI-based access control observability tools detect the initial attack vectors of ATO even if the attack is multi-threaded and distributed.
  • Upgrade to AI-powered email security tools to eliminate the threat of phishing attacks. This tool is vital in blocking ATO attacks through the email channel.
  • Invest in AI-powered security awareness training and attack simulation tools to educate the user community about the threats.
  • Deploy multi-factor authentication (MFA) as a strong protection against ATO. However, hackers continue to discover ways to bypass this adaptive control.
  • Invest in incident response automated tools for faster response to ATO attacks.
  • Continue to hire more experienced security engineering talent to staff the security operations center 24×7.
  • If the organization has trouble hiring security talent, the next step is to develop a relationship with an MDR provider like Forenova to assist with the SecOps functions.

Increased Focus on Threat Intelligence a Plus in Stopping ATO

ATO attacks powered by AI no longer use analog or manual distribution channels. Attack automation allows the hacker to target thousands of organizations simultaneously. Knowing who is conducting the attack and where it originated would be critical intelligence for the SecOps teams.

With threat intelligence data, SecOps teams can proactively enable additional security controls, policies, and countermeasures before the initial vector affects their user community.

Leveraging exceptional threat intelligence data and threat modeling frameworks and tools is critical for an organization that wants to stay ahead of future attacks.

The Role of MDR for All Things ATO

Detection and prevention of ATO attacks require continuous monitoring across several security devices and platforms. ATO attacks leverage several vectors that form a digital kill chain.

Preventing kill chain attacks begins with correlating telemetry into a Security Information and Event Management (SIEM) platform staffed by security engineers with global knowledge and experience to identify and stop these attacks from propagating across the enterprise.

In addition to correlating the telemetry information, SecOps teams must combine it with threat intelligence and threat modeling tools to better understand the source and its impact on the organization.

ATO attacks powered by AI morph based on attack telemetry processed by the hacker’s LLM. SecOps teams need access to similar capabilities to detect when an ATO attack changes its method, velocity, and geolocation attack vector.
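The correlation of login telemetry described above can be sketched as follows. This is an added example, not ForeNova's or NovaMDR's code: it flags a source that fails against many accounts in a short window (velocity) and any successful login from that source or from a country new to the user. The event format, thresholds, and reason names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry): time, source IP, user, outcome, country
EVENTS = [
    ("2024-10-01T08:59:00", "198.51.100.7", "alice", "fail", "DE"),     # ordinary typo
    ("2024-10-01T09:00:00", "198.51.100.7", "alice", "success", "DE"),  # baseline
    ("2024-10-01T09:05:00", "198.51.100.8", "carol", "success", "DE"),  # baseline
    ("2024-10-01T12:00:00", "203.0.113.9", "alice", "fail", "NL"),
    ("2024-10-01T12:00:10", "203.0.113.9", "bob", "fail", "NL"),
    ("2024-10-01T12:00:20", "203.0.113.9", "carol", "fail", "NL"),
    ("2024-10-01T12:00:30", "203.0.113.9", "dave", "fail", "NL"),
    ("2024-10-01T12:00:40", "203.0.113.9", "carol", "success", "NL"),   # reused password
    ("2024-10-01T13:00:00", "192.0.2.44", "alice", "success", "BR"),    # new country only
    ("2024-10-01T14:00:00", "198.51.100.7", "alice", "success", "DE"),  # normal login
]

WINDOW = timedelta(minutes=5)   # assumed velocity window
MIN_ACCOUNTS = 4                # assumed: distinct accounts failing from one IP

def detect(events):
    """Return (stuffing_ips, flagged) where flagged is [(user, ip, reasons)]."""
    parsed = sorted((datetime.fromisoformat(t), ip, u, o, c) for t, ip, u, o, c in events)
    fails = defaultdict(list)   # ip -> recent (time, user) failures
    known = defaultdict(set)    # user -> countries seen on unflagged successes
    stuffing, flagged = set(), []
    for ts, ip, user, outcome, country in parsed:
        if outcome == "fail":
            recent = [(t, u) for t, u in fails[ip] if ts - t <= WINDOW]
            fails[ip] = recent + [(ts, user)]
            # Velocity signal: one source failing against many different accounts
            if len({u for _, u in fails[ip]}) >= MIN_ACCOUNTS:
                stuffing.add(ip)
            continue
        reasons = []
        if ip in stuffing:
            reasons.append("success_from_stuffing_ip")
        if known[user] and country not in known[user]:
            reasons.append("new_country")
        if reasons:
            flagged.append((user, ip, reasons))   # do not let it reset the baseline
        else:
            known[user].add(country)
    return stuffing, flagged

if __name__ == "__main__":
    ips, alerts = detect(EVENTS)
    print("credential-stuffing sources:", sorted(ips))
    for user, ip, reasons in alerts:
        print(f"review {user} login from {ip}: {', '.join(reasons)}")
```

A flagged success is deliberately kept out of the user's country baseline, so an attacker's first login cannot whitelist later ones.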

NovaMDR by Forenova is a global MDR service built for the AI-adversary world. Attacks, including AI-generated ATO, need an MDR provider like Forenova with expertise in host-based, network, and endpoint detection. Along with its expertise in these defensive tools, Forenova’s ability to support regulated industries in Germany, including healthcare, manufacturing, education, and government, speaks to its expertise in cybersecurity and wealth of experience.

NovaMDR is ISO 27001:2022 certified.

Why Forenova?

Are ATO attacks becoming a bigger problem? Do you see a rise in credential theft and unauthorized access to critical systems hosting sensitive data?

Schedule an initial consultation and demonstration of the NovaMDR service with the team at Forenova.